Improve cryptography tests.

test/CMakeLists.txt

@@ -167,7 +167,6 @@ set(TILEDB_UNIT_TEST_SOURCES
   src/unit-compression-dd.cc
   src/unit-compression-delta.cc
   src/unit-compression-rle.cc
-  src/unit-crypto.cc
   src/unit-ctx.cc
   src/unit-current-domain-rest.cc
   src/unit-dense-reader.cc

tiledb/sm/crypto/CMakeLists.txt

@@ -37,8 +37,9 @@ commence(object_library tiledb_crypto)
         this_target_link_libraries(bcrypt)
     else()
         find_package(OpenSSL REQUIRED)
-	#this_target_link_libraries(OpenSSL::Crypto)
-	target_link_libraries(tiledb_crypto PRIVATE OpenSSL::Crypto)
+        # We cannot use this_target_link_libraries, because it links with PUBLIC
+        # visibility, and we use OpenSSL only as an internal implementation detail.
+        target_link_libraries(tiledb_crypto PRIVATE OpenSSL::Crypto)
     endif()
     # OpenSSL-3 deprecates MD5
     if(MSVC)
@@ -47,3 +48,5 @@ commence(object_library tiledb_crypto)
         set_source_files_properties(crypto_openssl.cc PROPERTIES COMPILE_OPTIONS "-Wno-deprecated-declarations")
     endif()
 conclude(object_library)
+
+add_test_subdirectory()

tiledb/sm/crypto/crypto.cc

@@ -36,8 +36,10 @@
 
 #ifdef _WIN32
 #include "tiledb/sm/crypto/crypto_win32.h"
+using PlatformCrypto = tiledb::sm::Win32CNG;
 #else
 #include "tiledb/sm/crypto/crypto_openssl.h"
+using PlatformCrypto = tiledb::sm::OpenSSL;
 #endif
 
 using namespace tiledb::common;
@@ -89,11 +91,7 @@ Status Crypto::decrypt_aes256gcm(
     return LOG_STATUS(
         Status_EncryptionError("AES-256-GCM error; invalid tag."));
 
-#ifdef _WIN32
-  return Win32CNG::decrypt_aes256gcm(key, iv, tag, input, output);
-#else
-  return OpenSSL::decrypt_aes256gcm(key, iv, tag, input, output);
-#endif
+  return PlatformCrypto::decrypt_aes256gcm(key, iv, tag, input, output);
 }
 
 Status Crypto::md5(ConstBuffer* input, Buffer* output) {
@@ -107,11 +105,7 @@ Status Crypto::md5(
 
 Status Crypto::md5(
     const void* input, uint64_t input_read_size, Buffer* output) {
-#ifdef _WIN32
-  return Win32CNG::md5(input, input_read_size, output);
-#else
-  return OpenSSL::md5(input, input_read_size, output);
-#endif
+  return PlatformCrypto::md5(input, input_read_size, output);
 }
 
 Status Crypto::sha256(ConstBuffer* input, Buffer* output) {
@@ -125,11 +119,7 @@ Status Crypto::sha256(
 
 Status Crypto::sha256(
     const void* input, uint64_t input_read_size, Buffer* output) {
-#ifdef _WIN32
-  return Win32CNG::sha256(input, input_read_size, output);
-#else
-  return OpenSSL::sha256(input, input_read_size, output);
-#endif
+  return PlatformCrypto::sha256(input, input_read_size, output);
 }
 
 }  // namespace sm

tiledb/sm/crypto/crypto_openssl.cc

@@ -48,20 +48,19 @@ using namespace tiledb::common;
 namespace tiledb {
 namespace sm {
 
-Status OpenSSL::get_random_bytes(unsigned num_bytes, Buffer* output) {
-  if (output->free_space() < num_bytes)
-    RETURN_NOT_OK(output->realloc(output->alloced_size() + num_bytes));
-
-  int rc = RAND_bytes((unsigned char*)output->cur_data(), num_bytes);
-  if (rc < 1) {
-    char err_msg[256];
-    ERR_error_string_n(ERR_get_error(), err_msg, sizeof(err_msg));
-    return Status_EncryptionError(
-        "Cannot generate random bytes with OpenSSL: " + std::string(err_msg));
+static Status get_random_bytes(span<uint8_t> buffer) {
+  while (!buffer.empty()) {
+    int num_bytes =
+        int(std::min(buffer.size(), size_t(std::numeric_limits<int>::max())));
+    int rc = RAND_bytes(buffer.data(), num_bytes);
+    if (rc < 1) {
+      char err_msg[256];
+      ERR_error_string_n(ERR_get_error(), err_msg, sizeof(err_msg));
+      return Status_EncryptionError(
+          "Cannot generate random bytes with OpenSSL: " + std::string(err_msg));
+    }
+    buffer = buffer.subspan(num_bytes);
   }
-  output->advance_size(num_bytes);
-  output->advance_offset(num_bytes);
-
   return Status::Ok();
 }
 
@@ -83,11 +82,11 @@ Status OpenSSL::encrypt_aes256gcm(
     RETURN_NOT_OK(output->realloc(output->alloced_size() + required_space));
 
   // Generate IV if the given IV buffer is null.
-  Buffer generated_iv;
+  std::array<unsigned char, Crypto::AES256GCM_IV_BYTES> generated_iv;
   int iv_len;
   unsigned char* iv_buf;
   if (iv == nullptr || iv->data() == nullptr) {
-    RETURN_NOT_OK(get_random_bytes(Crypto::AES256GCM_IV_BYTES, &generated_iv));
+    RETURN_NOT_OK(get_random_bytes(generated_iv));
     iv_len = (int)generated_iv.size();
     iv_buf = (unsigned char*)generated_iv.data();
   } else {

tiledb/sm/crypto/crypto_openssl.h

@@ -107,16 +107,6 @@ class OpenSSL {
    */
   static Status sha256(
       const void* input, uint64_t input_read_size, Buffer* output);
-
- private:
-  /**
-   * Generates a number of cryptographically random bytes.
-   *
-   * @param num_bytes Number of bytes to generate.
-   * @param output Buffer to store random bytes.
-   * @return Status
-   */
-  static Status get_random_bytes(unsigned num_bytes, Buffer* output);
 };
 
 }  // namespace sm

tiledb/sm/crypto/crypto_win32.cc

@@ -33,6 +33,8 @@
 #ifdef _WIN32
 
 #include "tiledb/sm/crypto/crypto_win32.h"
+
+#include <algorithm>
 #include "tiledb/common/heap_memory.h"
 #include "tiledb/common/logger.h"
 #include "tiledb/sm/buffer/buffer.h"
@@ -47,28 +49,26 @@ using namespace tiledb::common;
 namespace tiledb {
 namespace sm {
 
-Status Win32CNG::get_random_bytes(unsigned num_bytes, Buffer* output) {
-  if (output->free_space() < num_bytes)
-    RETURN_NOT_OK(output->realloc(output->alloced_size() + num_bytes));
-
+static Status get_random_bytes(span<uint8_t> buffer) {
   BCRYPT_ALG_HANDLE alg_handle;
   if (!NT_SUCCESS(BCryptOpenAlgorithmProvider(
           &alg_handle, BCRYPT_RNG_ALGORITHM, nullptr, 0)))
     return Status_EncryptionError(
         "Win32CNG error; generating random bytes: error opening algorithm.");
 
-  if (!NT_SUCCESS(BCryptGenRandom(
-          alg_handle, (unsigned char*)output->cur_data(), num_bytes, 0))) {
-    BCryptCloseAlgorithmProvider(alg_handle, 0);
-    return Status_EncryptionError(
-        "Win32CNG error; generating random bytes: error generating bytes.");
+  while (!buffer.empty()) {
+    ULONG num_bytes = ULONG(
+        std::min(buffer.size(), size_t(std::numeric_limits<ULONG>::max())));
+    if (!NT_SUCCESS(BCryptGenRandom(alg_handle, buffer.data(), num_bytes, 0))) {
+      BCryptCloseAlgorithmProvider(alg_handle, 0);
+      return Status_EncryptionError(
+          "Win32CNG error; generating random bytes: error generating bytes.");
+    }
+    buffer = buffer.subspan(num_bytes);
   }
 
   BCryptCloseAlgorithmProvider(alg_handle, 0);
 
-  output->advance_size(num_bytes);
-  output->advance_offset(num_bytes);
-
   return Status::Ok();
 }
 
@@ -87,11 +87,11 @@ Status Win32CNG::encrypt_aes256gcm(
   // Generate IV if the given IV buffer is null.
   ULONG iv_len;
   unsigned char* iv_buf;
-  Buffer generated_iv;
+  std::array<unsigned char, Crypto::AES256GCM_IV_BYTES> generated_iv;
   if (iv == nullptr || iv->data() == nullptr) {
-    RETURN_NOT_OK(get_random_bytes(Crypto::AES256GCM_IV_BYTES, &generated_iv));
+    RETURN_NOT_OK(get_random_bytes(generated_iv));
     iv_len = (ULONG)generated_iv.size();
-    iv_buf = (unsigned char*)generated_iv.data();
+    iv_buf = generated_iv.data();
   } else {
     iv_len = (ULONG)iv->size();
     iv_buf = (unsigned char*)iv->data();
@@ -294,16 +294,6 @@ Status Win32CNG::decrypt_aes256gcm(
   return Status::Ok();
 }
 
-Status Win32CNG::md5(
-    const void* input, uint64_t input_read_size, Buffer* output) {
-  return hash_bytes(input, input_read_size, output, BCRYPT_MD5_ALGORITHM);
-}
-
-Status Win32CNG::sha256(
-    const void* input, uint64_t input_read_size, Buffer* output) {
-  return hash_bytes(input, input_read_size, output, BCRYPT_SHA256_ALGORITHM);
-}
-
 Status Win32CNG::hash_bytes(
     const void* input,
     uint64_t input_read_size,

tiledb/sm/crypto/crypto_win32.h

@@ -41,6 +41,7 @@
 #include <windows.h>
 
 #include <bcrypt.h>
+
 #include "tiledb/common/status.h"
 
 using namespace tiledb::common;
@@ -101,7 +102,9 @@ class Win32CNG {
    * @return Status
    */
   static Status md5(
-      const void* input, uint64_t input_read_size, Buffer* output);
+      const void* input, uint64_t input_read_size, Buffer* output) {
+    return hash_bytes(input, input_read_size, output, BCRYPT_MD5_ALGORITHM);
+  }
 
   /**
    * Compute sha256 checksum of data
@@ -112,11 +115,14 @@ class Win32CNG {
    * @return Status
    */
   static Status sha256(
-      const void* input, uint64_t input_read_size, Buffer* output);
+      const void* input, uint64_t input_read_size, Buffer* output) {
+    return hash_bytes(input, input_read_size, output, BCRYPT_SHA256_ALGORITHM);
+  }
 
+ private:
   /**
    *
-   * Compute a has using Win32CNG functions
+   * Compute a hash using Win32CNG functions
    *
    * @param input Plaintext to compute hash of
    * @param input_read_size size of input to read for hash
@@ -129,16 +135,6 @@ class Win32CNG {
       uint64_t input_read_size,
       Buffer* output,
       LPCWSTR hash_algorithm);
-
- private:
-  /**
-   * Generates a number of cryptographically random bytes.
-   *
-   * @param num_bytes Number of bytes to generate.
-   * @param output Buffer to store random bytes.
-   * @return Status
-   */
-  static Status get_random_bytes(unsigned num_bytes, Buffer* output);
 };
 
 }  // namespace sm

tiledb/sm/crypto/test/CMakeLists.txt

@@ -0,0 +1,32 @@
+#
+# tiledb/sm/crypto/test/CMakeLists.txt
+#
+# The MIT License
+#
+# Copyright (c) 2024 TileDB, Inc.
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+#
+
+include(unit_test)
+
+commence(unit_test tiledb_crypto)
+    this_target_sources(unit_tiledb_crypto.cc)
+    this_target_object_libraries(tiledb_crypto)
+conclude(unit_test)