Security Improvements: Introduction of SecureBigInteger

Resolves: No entry
shinji-san · Nov 17, 2024 · 0abf23b · 0abf23b
1 parent eb365a1
commit 0abf23b
Show file tree

Hide file tree

Showing 17 changed files with 3,332 additions and 115 deletions.
diff --git a/src/Cryptography/ShamirsSecretSharing.cs b/src/Cryptography/ShamirsSecretSharing.cs
@@ -5,6 +5,11 @@ namespace SecretSharingDotNet.Cryptography;
 /// </summary>
 public abstract class ShamirsSecretSharing
 {
+    /// <summary>
+    /// The minimum number of shares required to reconstruct the secret
+    /// </summary>
+    protected const int MinimumShareLimit = 2;
+
     /// <summary>
     /// Saves the known security levels (Mersenne prime exponents)
     /// </summary>

diff --git a/src/Cryptography/ShamirsSecretSharing`3.cs b/src/Cryptography/ShamirsSecretSharing`3.cs
@@ -131,7 +131,7 @@ public Shares<TNumber> MakeShares(TNumber numberOfMinimumShares, TNumber numberO
 
         int min = ((Calculator<TNumber>)numberOfMinimumShares).ToInt32();
         int max = ((Calculator<TNumber>)numberOfShares).ToInt32();
-        if (min < 2)
+        if (min < MinimumShareLimit)
         {
             throw new ArgumentOutOfRangeException(nameof(numberOfMinimumShares), numberOfMinimumShares, ErrorMessages.MinNumberOfSharesLowerThanTwo);
         }
@@ -192,7 +192,7 @@ public Shares<TNumber> MakeShares(TNumber numberOfMinimumShares, TNumber numberO
     {
         int min = ((Calculator<TNumber>)numberOfMinimumShares).ToInt32();
         int max = ((Calculator<TNumber>)numberOfShares).ToInt32();
-        if (min < 2)
+        if (min < MinimumShareLimit)
         {
             throw new ArgumentOutOfRangeException(nameof(numberOfMinimumShares), numberOfMinimumShares, ErrorMessages.MinNumberOfSharesLowerThanTwo);
         }
@@ -220,18 +220,40 @@ public Shares<TNumber> MakeShares(TNumber numberOfMinimumShares, TNumber numberO
     /// </summary>
     /// <param name="numberOfMinimumShares">Minimum number of shared secrets for reconstruction</param>
     /// <returns></returns>
+#if NET6_0_OR_GREATER
+    private unsafe Calculator<TNumber>[] CreatePolynomial(int numberOfMinimumShares)
+#else
     private Calculator<TNumber>[] CreatePolynomial(int numberOfMinimumShares)
+#endif
     {
         var polynomial = new Calculator<TNumber>[numberOfMinimumShares];
         polynomial[0] = Calculator<TNumber>.Zero;
         byte[] randomNumber = new byte[this.mersennePrime.ByteCount];
-        using var rng = RandomNumberGenerator.Create();
-        for (int i = 1; i < numberOfMinimumShares; i++)
+#if NET6_0_OR_GREATER
+        fixed (byte* pointer = randomNumber)
         {
-            rng.GetBytes(randomNumber);
-            polynomial[i] = (Calculator.Create(randomNumber, typeof(TNumber)) as Calculator<TNumber>)?.Abs() % this.mersennePrime;
-        }
+            var span = new Span<byte>(pointer, this.mersennePrime.ByteCount);
+            using var rng = RandomNumberGenerator.Create();
+            for (int i = 1; i < numberOfMinimumShares; i++)
+            {
+                rng.GetBytes(span);
+                polynomial[i] = (Calculator.Create(randomNumber, typeof(TNumber)) as Calculator<TNumber>)?.Abs() %
+                                this.mersennePrime;
+            }
 
+            span.Clear();
+        }
+#else
+         using var rng = RandomNumberGenerator.Create();
+         for (int i = 1; i < numberOfMinimumShares; i++)
+         {
+             rng.GetBytes(randomNumber);
+             polynomial[i] = (Calculator.Create(randomNumber, typeof(TNumber)) as Calculator<TNumber>)?.Abs() %
+                             this.mersennePrime;
+         }
+
+         Array.Clear(randomNumber, 0, randomNumber.Length);
+#endif
         return polynomial;
     }
 

diff --git a/src/Cryptography/SharedSeparator.cs b/src/Cryptography/SharedSeparator.cs
@@ -42,4 +42,5 @@ internal static class SharedSeparator
     /// Separator array for <see cref="string.Split(char[])"/> method usage to avoid allocation of a new array.
     /// </summary>
     internal static readonly char[] CoordinateSeparatorArray = [CoordinateSeparator];
-}
+}
+
diff --git a/src/Helper/CompositeDisposable.cs b/src/Helper/CompositeDisposable.cs
@@ -0,0 +1,85 @@
+#if NET6_0_OR_GREATER
+namespace SecretSharingDotNet.Helper;
+
+using System;
+using System.Collections.Concurrent;
+
+/// <summary>
+/// Manages a composite collection of <see cref="IDisposable"/> objects,
+/// ensuring all contained disposables are disposed together.
+/// </summary>
+public sealed class CompositeDisposable : IDisposable
+{
+    private readonly ConcurrentBag<IDisposable> disposables = new();
+    private bool disposed;
+
+    /// <summary>
+    /// Finalizes an instance of the <see cref="CompositeDisposable"/> class.
+    /// </summary>
+    ~CompositeDisposable()
+    {
+        this.Dispose(false);
+    }
+
+    /// <summary>
+    /// Adds a disposable object to the composite collection of disposables.
+    /// </summary>
+    /// <param name="disposable">The disposable object to add.</param>
+    /// <exception cref="ObjectDisposedException">Thrown when the composite disposable has already been disposed.</exception>
+    public void Add(IDisposable disposable)
+    {
+        ArgumentNullException.ThrowIfNull(disposable);
+        if (this.disposed)
+        {
+            throw new ObjectDisposedException(nameof(CompositeDisposable));
+        }
+
+        this.disposables.Add(disposable);
+    }
+
+    /// <summary>
+    /// Clears and disposes all disposable objects contained within the composite collection.
+    /// </summary>
+    public void Clear()
+    {
+        foreach (var disposable in this.disposables)
+        {
+            disposable.Dispose();
+        }
+
+        this.disposables.Clear();
+    }
+
+    /// <summary>
+    /// Disposes the composite collection of disposables, releasing all managed resources.
+    /// </summary>
+    public void Dispose()
+    {
+        this.Dispose(true);
+        GC.SuppressFinalize(this);
+    }
+
+    /// <summary>
+    /// Disposes the composite collection of disposables, releasing all managed resources.
+    /// </summary>
+    /// <param name="disposing">Indicates whether the method call comes from a Dispose method (true) or from a finalizer (false).</param>
+    private void Dispose(bool disposing)
+    {
+        if (this.disposed)
+        {
+            return;
+        }
+
+        if (disposing)
+        {
+            foreach (var disposable in this.disposables)
+            {
+                disposable.Dispose();
+            }
+        }
+
+        this.disposables.Clear();
+        this.disposed = true;
+    }
+}
+#endif
diff --git a/src/Helper/CompositeDisposableContext.cs b/src/Helper/CompositeDisposableContext.cs
@@ -0,0 +1,28 @@
+#if NET6_0_OR_GREATER
+
+namespace SecretSharingDotNet.Helper;
+
+using System.Threading;
+
+/// <summary>
+/// Provides a context for managing a <see cref="CompositeDisposable"/> instance per thread.
+/// </summary>
+public static class CompositeDisposableContext
+{
+    /// <summary>
+    /// Provides a thread-local instance of <see cref="CompositeDisposable"/> that represents
+    /// the current context for managing disposable resources within the thread.
+    /// </summary>
+    public static ThreadLocal<CompositeDisposable> Current { get; } = new ThreadLocal<CompositeDisposable>();
+
+    /// <summary>
+    /// Sets the current thread's <see cref="CompositeDisposable"/> instance.
+    /// </summary>
+    /// <param name="compositeDisposable">The <see cref="CompositeDisposable"/> instance to set for the current thread.</param>
+    public static void SetCurrent(CompositeDisposable compositeDisposable)
+    {
+        Current.Value = compositeDisposable;
+    }
+}
+
+#endif
diff --git a/src/Helper/Extensions.cs b/src/Helper/Extensions.cs
@@ -84,4 +84,114 @@ public static TArray[] Subset<TArray>(this TArray[] array, int index, int count)
         Array.Copy(array,index, subset, 0, count);
         return subset;
     }
+
+#if NET6_0_OR_GREATER
+    /// <summary>
+    /// Extends the byte array to a length that is a multiple of the size of an unsigned integer (UInt32).
+    /// </summary>
+    /// <param name="byteArray">The byte array representing a big integer.</param>
+    /// <returns>A span of bytes with the length extended to a multiple of the size of UInt32.</returns>
+    public static Span<byte> ExtendToMultipleOfUInt(this Span<byte> byteArray)
+    {
+        int newLength = (byteArray.Length + sizeof(uint) - 1) / sizeof(uint) * sizeof(uint);
+        byte[] extendedArray = new byte[newLength];
+        byteArray.CopyTo(extendedArray);
+        return new Span<byte>(extendedArray);
+    }
+
+    /// <summary>
+    /// Trims trailing zeroes from the provided span of bytes.
+    /// </summary>
+    /// <param name="bytes">The span of bytes from which to trim trailing zeroes.</param>
+    /// <returns>A span of bytes with trailing zeroes removed.</returns>
+    public static Span<byte> TrimTrailingZeroes(this Span<byte> bytes)
+    {
+        int length = bytes.Length;
+        for (int i = bytes.Length - 1; i >= 0; i--)
+        {
+            if (bytes[i] == 0)
+            {
+                length--;
+            }
+            else
+            {
+                break;
+            }
+        }
+
+        return bytes[..length];
+    }
+
+    /// <summary>
+    /// Applies two's complement to the given byte array, returning a new array
+    /// where each byte is the bitwise complement of the original with an increment of 1.
+    /// </summary>
+    /// <param name="bytes">The byte array to which the two's complement is to be applied.</param>
+    /// <returns>A new byte array that represents the two's complement of the input byte array.</returns>
+    public static Span<byte> ApplyTwoComplement(this Span<byte> bytes)
+    {
+        byte[] complementArray = new byte[bytes.Length];
+        for (int i = 0; i < bytes.Length; i++)
+        {
+            complementArray[i] = (byte)~bytes[i];
+        }
+
+        bool carry = true;
+        for (int i =0; i < complementArray.Length; i++)
+        {
+            if (!carry)
+            {
+                continue;
+            }
+
+            if (complementArray[i] == byte.MaxValue)
+            {
+                complementArray[i] = 0;
+            }
+            else
+            {
+                complementArray[i]++;
+                carry = false;
+            }
+        }
+
+        return complementArray;
+    }
+
+    /// <summary>
+    /// Reverses the two's complement representation of a byte sequence and returns the original byte array.
+    /// </summary>
+    /// <param name="complementArray">The byte array in two's complement form.</param>
+    /// <returns>A byte array representing the original binary number before two's complement was applied.</returns>
+    public static Span<byte> ReverseTwoComplement(this Span<byte> complementArray)
+    {
+        byte[] originalArray = new byte[complementArray.Length];
+        bool borrow = true;
+        for (int i = 0; i < complementArray.Length; i++)
+        {
+            if (borrow)
+            {
+                if (complementArray[i] == 0)
+                {
+                    originalArray[i] = byte.MaxValue;
+                }
+                else
+                {
+                    originalArray[i] = (byte)(complementArray[i] - 1);
+                    borrow = false;
+                }
+            }
+            else
+            {
+                originalArray[i] = complementArray[i];
+            }
+        }
+        for(int i = 0; i < complementArray.Length; i++)
+        {
+            originalArray[i] = (byte)~originalArray[i];
+        }
+
+        return originalArray;
+    }
+#endif
 }
diff --git a/src/Helper/Scope.cs b/src/Helper/Scope.cs
@@ -0,0 +1,55 @@
+#if NET6_0_OR_GREATER
+
+namespace SecretSharingDotNet.Helper;
+
+using System;
+using System.Collections.Concurrent;
+
+public sealed class Scope : IDisposable
+{
+    private readonly ConcurrentDictionary<Type, object> services = new();
+    private bool disposed;
+
+    ~Scope()
+    {
+        this.Dispose(false);
+    }
+
+    public T GetScopedSingleton<T>() where T : class, new()
+    {
+        var type = typeof(T);
+        if (this.services.TryGetValue(type, out object service))
+        {
+            return service as T;
+        }
+
+        var newService = new T();
+        this.services.TryAdd(type, newService);
+        return newService;
+    }
+
+    public void Dispose()
+    {
+        this.Dispose(true);
+        GC.SuppressFinalize(this);
+    }
+
+    private void Dispose(bool disposing)
+    {
+        if (this.disposed)
+        {
+            return;
+        }
+
+        if (disposing)
+        {
+            foreach (IDisposable service in this.services.Values)
+            {
+                service?.Dispose();
+            }
+        }
+
+        this.disposed = true;
+    }
+}
+#endif