Refactoring (#49)

* Migrate ECDSA to use _Scope

* Document reasoning for first checking Hash

* Migrate RsaPss to _Scope

* Migrate RsaSsa to _Scope

* Remove unused _withEVP_MD_CTX

* Refactor signing and verification into methods

* More _Scope migrations

* Move RsaOaep to _Scope

* Ecdsa migration to _Scope

* Migrate more to _Scope

* Utility methods for creating stuff with _Scope

Author: jonasfj

lib/src/impl_ffi/impl_ffi.aescbc.dart

@@ -47,7 +47,7 @@ Stream<Uint8List> _aesCbcEncryptOrDecrypt(
       throw ArgumentError.value(iv, 'iv', 'must be $ivSize bytes');
     }
 
-    final ctx = scope.create(ssl.EVP_CIPHER_CTX_new, ssl.EVP_CIPHER_CTX_free);
+    final ctx = scope.createEVP_CIPHER_CTX();
     _checkOpIsOne(ssl.EVP_CipherInit_ex(
       ctx,
       cipher,

lib/src/impl_ffi/impl_ffi.aesctr.dart

@@ -92,7 +92,7 @@ Stream<Uint8List> _aesCtrEncryptOrDecrypt(
     // reuse the same counter value which is not allowed.
     var bytes_after_wraparound = ctr * BigInt.from(blockSize);
 
-    final ctx = scope.create(ssl.EVP_CIPHER_CTX_new, ssl.EVP_CIPHER_CTX_free);
+    final ctx = scope.createEVP_CIPHER_CTX();
     _checkOpIsOne(ssl.EVP_CipherInit_ex(
       ctx,
       cipher,

lib/src/impl_ffi/impl_ffi.ec_common.dart

@@ -90,28 +90,31 @@ _EvpPKey _importPkcs8EcPrivateKey(
   List<int> keyData,
   EllipticCurve curve,
 ) {
-  final k = _withDataAsCBS(keyData, ssl.EVP_parse_private_key);
-  _checkData(k.address != 0, fallback: 'unable to parse key');
-  final key = _EvpPKey.wrap(k);
-
-  _validateEllipticCurveKey(key, curve);
-  return key;
+  return _Scope.sync((scope) {
+    final k = ssl.EVP_parse_private_key(scope.createCBS(keyData));
+    _checkData(k.address != 0, fallback: 'unable to parse key');
+    final key = _EvpPKey.wrap(k);
+    _validateEllipticCurveKey(key, curve);
+    return key;
+  });
 }
 
 _EvpPKey _importSpkiEcPublicKey(
   List<int> keyData,
   EllipticCurve curve,
 ) {
-  // TODO: When calling EVP_parse_public_key it might wise to check that CBS_len(cbs) == 0 is true afterwards
-  // otherwise it might be that all of the contents of the key was not consumed and we should throw
-  // a FormatException. Notice that this the case for private/public keys, and RSA keys.
-  final k = _withDataAsCBS(keyData, ssl.EVP_parse_public_key);
-  _checkData(k.address != 0, fallback: 'unable to parse key');
-  final key = _EvpPKey.wrap(k);
+  return _Scope.sync((scope) {
+    // TODO: When calling EVP_parse_public_key it might wise to check that CBS_len(cbs) == 0 is true afterwards
+    // otherwise it might be that all of the contents of the key was not consumed and we should throw
+    // a FormatException. Notice that this the case for private/public keys, and RSA keys.
+    final k = ssl.EVP_parse_public_key(scope.createCBS(keyData));
+    _checkData(k.address != 0, fallback: 'unable to parse key');
+    final key = _EvpPKey.wrap(k);
 
-  _validateEllipticCurveKey(key, curve);
+    _validateEllipticCurveKey(key, curve);
 
-  return key;
+    return key;
+  });
 }
 
 _EvpPKey _importJwkEcPrivateOrPublicKey(
@@ -256,17 +259,18 @@ Uint8List _exportRawEcPublicKey(_EvpPKey key) {
     _checkOp(ec.address != 0, fallback: 'internal key type invariant error');
     scope.defer(() => ssl.EC_KEY_free(ec));
 
-    return _withOutCBB((cbb) {
-      return _checkOpIsOne(
-          ssl.EC_POINT_point2cbb(
-            cbb,
-            ssl.EC_KEY_get0_group(ec),
-            ssl.EC_KEY_get0_public_key(ec),
-            point_conversion_form_t.POINT_CONVERSION_UNCOMPRESSED,
-            ffi.nullptr,
-          ),
-          fallback: 'formatting failed');
-    });
+    final cbb = scope.createCBB();
+    _checkOpIsOne(
+      ssl.EC_POINT_point2cbb(
+        cbb,
+        ssl.EC_KEY_get0_group(ec),
+        ssl.EC_KEY_get0_public_key(ec),
+        point_conversion_form_t.POINT_CONVERSION_UNCOMPRESSED,
+        ffi.nullptr,
+      ),
+      fallback: 'formatting failed',
+    );
+    return cbb.copy();
   });
 }
 
@@ -286,8 +290,8 @@ Map<String, dynamic> _exportJwkEcPrivateOrPublicKey(
     // Determine byte size used for encoding params
     final paramSize = _numBitsToBytes(ssl.EC_GROUP_get_degree(group));
 
-    final x = scope.create(ssl.BN_new, ssl.BN_free);
-    final y = scope.create(ssl.BN_new, ssl.BN_free);
+    final x = scope.createBN();
+    final y = scope.createBN();
 
     _checkOpIsOne(ssl.EC_POINT_get_affine_coordinates_GFp(
       group,

lib/src/impl_ffi/impl_ffi.ecdh.dart

@@ -124,20 +124,20 @@ class _EcdhPrivateKey implements EcdhPrivateKey {
       }
 
       final lengthInBytes = (length / 8).ceil();
-      final derived = _withOutPointer(lengthInBytes, (ffi.Pointer<ffi.Void> p) {
-        final outLen = ssl.ECDH_compute_key(
-          p,
-          lengthInBytes,
-          ssl.EC_KEY_get0_public_key(pubEcKey),
-          privEcKey,
-          ffi.nullptr,
-        );
-        _checkOp(outLen != -1, fallback: 'ECDH key derivation failed');
-        _checkOp(
-          outLen == lengthInBytes,
-          message: 'internal error in ECDH key derivation',
-        );
-      });
+      final out = scope<ffi.Uint8>(lengthInBytes);
+      final outLen = ssl.ECDH_compute_key(
+        out.cast(),
+        lengthInBytes,
+        ssl.EC_KEY_get0_public_key(pubEcKey),
+        privEcKey,
+        ffi.nullptr,
+      );
+      _checkOp(outLen != -1, fallback: 'ECDH key derivation failed');
+      _checkOp(
+        outLen == lengthInBytes,
+        message: 'internal error in ECDH key derivation',
+      );
+      final derived = out.copy(lengthInBytes);
 
       // Only return the first [length] bits from derived.
       final zeroBits = lengthInBytes * 8 - length;
@@ -159,11 +159,7 @@ class _EcdhPrivateKey implements EcdhPrivateKey {
       _exportJwkEcPrivateOrPublicKey(_key, isPrivateKey: true, jwkUse: null);
 
   @override
-  Future<Uint8List> exportPkcs8Key() async {
-    return _withOutCBB((cbb) {
-      _checkOp(ssl.EVP_marshal_private_key.invoke(cbb, _key) == 1);
-    });
-  }
+  Future<Uint8List> exportPkcs8Key() async => _exportPkcs8Key(_key);
 }
 
 class _EcdhPublicKey implements EcdhPublicKey {
@@ -183,9 +179,5 @@ class _EcdhPublicKey implements EcdhPublicKey {
   Future<Uint8List> exportRawKey() async => _exportRawEcPublicKey(_key);
 
   @override
-  Future<Uint8List> exportSpkiKey() async {
-    return _withOutCBB((cbb) {
-      _checkOp(ssl.EVP_marshal_public_key.invoke(cbb, _key) == 1);
-    });
-  }
+  Future<Uint8List> exportSpkiKey() async => _exportSpkiKey(_key);
 }

lib/src/impl_ffi/impl_ffi.ecdsa.dart

@@ -94,7 +94,7 @@ Uint8List _convertEcdsaDerSignatureToWebCryptoSignature(
 ) {
   return _Scope.sync((scope) {
     // TODO: Check if cbs is empty after parsing, consider using ECDSA_SIG_from_bytes instead (like chrome does)
-    final ecdsa = _withDataAsCBS(signature, ssl.ECDSA_SIG_parse);
+    final ecdsa = ssl.ECDSA_SIG_parse(scope.createCBS(signature));
     _checkOp(ecdsa.address != 0,
         message: 'internal error formatting signature');
     scope.defer(() => ssl.ECDSA_SIG_free(ecdsa));
@@ -108,25 +108,22 @@ Uint8List _convertEcdsaDerSignatureToWebCryptoSignature(
       ec,
     )));
 
-    return _withAllocation(_sslAlloc<ffi.Pointer<BIGNUM>>(2),
-        (ffi.Pointer<ffi.Pointer<BIGNUM>> RS) {
-      // Access R and S from the ecdsa signature
-      final R = RS.elementAt(0);
-      final S = RS.elementAt(1);
-      ssl.ECDSA_SIG_get0(ecdsa, R, S);
-
-      // Dump R and S to return value.
-      return _withOutPointer(N * 2, (ffi.Pointer<ffi.Uint8> p) {
-        _checkOpIsOne(
-          ssl.BN_bn2bin_padded(p.elementAt(0), N, R.value),
-          fallback: 'internal error formatting R in signature',
-        );
-        _checkOpIsOne(
-          ssl.BN_bn2bin_padded(p.elementAt(N), N, S.value),
-          fallback: 'internal error formatting S in signature',
-        );
-      });
-    });
+    // Access R and S from the ecdsa signature
+    final R = scope<ffi.Pointer<BIGNUM>>();
+    final S = scope<ffi.Pointer<BIGNUM>>();
+    ssl.ECDSA_SIG_get0(ecdsa, R, S);
+
+    // Dump R and S to return value.
+    final out = scope<ffi.Uint8>(N * 2);
+    _checkOpIsOne(
+      ssl.BN_bn2bin_padded(out.elementAt(0), N, R.value),
+      fallback: 'internal error formatting R in signature',
+    );
+    _checkOpIsOne(
+      ssl.BN_bn2bin_padded(out.elementAt(N), N, S.value),
+      fallback: 'internal error formatting S in signature',
+    );
+    return out.copy(N * 2);
   });
 }
 
@@ -157,33 +154,29 @@ Uint8List? _convertEcdsaWebCryptoSignatureToDerSignature(
       return null;
     }
 
-    final ecdsa = ssl.ECDSA_SIG_new();
-    _checkOp(ecdsa.address != 0,
-        message: 'internal error formatting signature');
-    scope.defer(() => ssl.ECDSA_SIG_free(ecdsa));
-
-    return _withAllocation(_sslAlloc<ffi.Pointer<BIGNUM>>(2),
-        (ffi.Pointer<ffi.Pointer<BIGNUM>> RS) {
-      // Access R and S from the ecdsa signature
-      final R = RS.elementAt(0);
-      final S = RS.elementAt(1);
-      ssl.ECDSA_SIG_get0(ecdsa, R, S);
-
-      _withDataAsPointer(signature, (ffi.Pointer<ffi.Uint8> p) {
-        _checkOp(
-          ssl.BN_bin2bn(p.elementAt(0), N, R.value).address != 0,
-          fallback: 'allocation failure',
-        );
-        _checkOp(
-          ssl.BN_bin2bn(p.elementAt(N), N, S.value).address != 0,
-          fallback: 'allocation failure',
-        );
-      });
-      return _withOutCBB((cbb) => _checkOpIsOne(
-            ssl.ECDSA_SIG_marshal(cbb, ecdsa),
-            fallback: 'internal error reformatting signature',
-          ));
-    });
+    final ecdsa = scope.create(ssl.ECDSA_SIG_new, ssl.ECDSA_SIG_free);
+
+    // Access R and S from the ecdsa signature
+    final R = scope<ffi.Pointer<BIGNUM>>();
+    final S = scope<ffi.Pointer<BIGNUM>>();
+    ssl.ECDSA_SIG_get0(ecdsa, R, S);
+
+    final psig = scope.dataAsPointer<ffi.Uint8>(signature);
+    _checkOp(
+      ssl.BN_bin2bn(psig.elementAt(0), N, R.value).address != 0,
+      fallback: 'allocation failure',
+    );
+    _checkOp(
+      ssl.BN_bin2bn(psig.elementAt(N), N, S.value).address != 0,
+      fallback: 'allocation failure',
+    );
+
+    final cbb = scope.createCBB();
+    _checkOpIsOne(
+      ssl.ECDSA_SIG_marshal(cbb, ecdsa),
+      fallback: 'internal error reformatting signature',
+    );
+    return cbb.copy();
   });
 }
 
@@ -199,26 +192,7 @@ class _EcdsaPrivateKey implements EcdsaPrivateKey {
   @override
   Future<Uint8List> signStream(Stream<List<int>> data, Hash hash) async {
     final md = _Hash.fromHash(hash)._md;
-
-    final sig = await _withEVP_MD_CTX((ctx) async {
-      _checkOpIsOne(ssl.EVP_DigestSignInit.invoke(
-        ctx,
-        ffi.nullptr,
-        md,
-        ffi.nullptr,
-        _key,
-      ));
-
-      await _streamToUpdate(data, ctx, ssl.EVP_DigestSignUpdate);
-      return _withAllocation(_sslAlloc<ffi.Size>(),
-          (ffi.Pointer<ffi.Size> len) {
-        len.value = 0;
-        _checkOpIsOne(ssl.EVP_DigestSignFinal(ctx, ffi.nullptr, len));
-        return _withOutPointer(len.value, (ffi.Pointer<ffi.Uint8> p) {
-          _checkOpIsOne(ssl.EVP_DigestSignFinal(ctx, p, len));
-        }).sublist(0, len.value);
-      });
-    });
+    final sig = await _signStream(_key, md, data);
     return _convertEcdsaDerSignatureToWebCryptoSignature(_key, sig);
   }
 
@@ -227,11 +201,7 @@ class _EcdsaPrivateKey implements EcdsaPrivateKey {
       _exportJwkEcPrivateOrPublicKey(_key, isPrivateKey: true, jwkUse: 'sig');
 
   @override
-  Future<Uint8List> exportPkcs8Key() async {
-    return _withOutCBB((cbb) {
-      _checkOp(ssl.EVP_marshal_private_key.invoke(cbb, _key) == 1);
-    });
-  }
+  Future<Uint8List> exportPkcs8Key() async => _exportPkcs8Key(_key);
 }
 
 class _EcdsaPublicKey implements EcdsaPublicKey {
@@ -258,29 +228,7 @@ class _EcdsaPublicKey implements EcdsaPublicKey {
       return false;
     }
 
-    return await _withEVP_MD_CTX((ctx) async {
-      return await _withPEVP_PKEY_CTX((pctx) async {
-        _checkOpIsOne(ssl.EVP_DigestVerifyInit.invoke(
-          ctx,
-          pctx,
-          md,
-          ffi.nullptr,
-          _key,
-        ));
-        await _streamToUpdate(data, ctx, ssl.EVP_DigestVerifyUpdate);
-        return _withDataAsPointer(sig, (ffi.Pointer<ffi.Uint8> p) {
-          final result = ssl.EVP_DigestVerifyFinal(ctx, p, sig.length);
-          if (result != 1) {
-            // TODO: We should always clear errors, when returning from any
-            //       function that uses BoringSSL.
-            // Note: In this case we could probably assert that error is just
-            //       signature related.
-            ssl.ERR_clear_error();
-          }
-          return result == 1;
-        });
-      });
-    });
+    return await _verifyStream(_key, md, sig, data);
   }
 
   @override
@@ -291,9 +239,5 @@ class _EcdsaPublicKey implements EcdsaPublicKey {
   Future<Uint8List> exportRawKey() async => _exportRawEcPublicKey(_key);
 
   @override
-  Future<Uint8List> exportSpkiKey() async {
-    return _withOutCBB((cbb) {
-      _checkOp(ssl.EVP_marshal_public_key.invoke(cbb, _key) == 1);
-    });
-  }
+  Future<Uint8List> exportSpkiKey() async => _exportSpkiKey(_key);
 }