Make Crypto functions aware of secure_string.

Also fixed a bug in secure_string where the decrypted char array was the
wrong size due to padding.

Author: LadyCailin

src/main/java/com/laytonsmith/PureUtilities/Common/Annotations/AnnotationChecks.java

@@ -19,8 +19,6 @@
 import java.util.HashSet;
 import java.util.List;
 import java.util.Set;
-import java.util.logging.Level;
-import java.util.logging.Logger;
 
 /**
  * This class is run by maven at compile time, and checks to ensure that the various annotations referenced here are

src/main/java/com/laytonsmith/core/MainSandbox.java

@@ -7,17 +7,30 @@
  */
 public class MainSandbox {
 
-	public static interface B1 {
-		String method(int i, String b);
+	public static interface Interface {
+		void method(int i, String b, int j);
 	}
-	@NonInheritImplements(B1.class)
+	@NonInheritImplements(Interface.class)
 	public static class A1 {
-		public String method(int i, String b) {
-			return "";
+		public void method(int i, String b, int j) {
+			System.out.println("i: " + i + "; b: " + b);
 		}
 	}
+
+	public static class A2 extends A1 {
+		void moreMethods() {
+
+		}
+	}
+
 	public static void main(String[] argv) throws Exception {
+		Interface i_f = NonInheritImplements.Helper.Cast(Interface.class, new A1());
+		System.out.println(NonInheritImplements.Helper.Instanceof(new A2(), Interface.class));
+		myMethod(i_f);
+	}
 
+	public static void myMethod(Interface iface) {
+		iface.method(12, "string", 123);
 	}
 
 }

src/main/java/com/laytonsmith/core/constructs/CSecureString.java

@@ -37,6 +37,7 @@ public class CSecureString extends CString {
 	private byte[] encrypted;
 	private Cipher decrypter;
 	private int encLength;
+	private int actualLength;
 
 	public CSecureString(char[] val, Target t) {
 		super("**secure string**", t);
@@ -50,6 +51,7 @@ public CSecureString(CArray val, Target t) {
 
 	private void construct(byte[] val) {
 		try {
+			actualLength = val.length;
 			SecureRandom rand = SecureRandom.getInstanceStrong();
 			byte[] keyBytes = new byte[24];
 			rand.nextBytes(keyBytes);
@@ -93,6 +95,7 @@ public char[] getDecryptedCharArray() {
 			byte[] decrypted = new byte[decrypter.getOutputSize(encLength)];
 			int decLen = decrypter.update(encrypted, 0, encLength, decrypted, 0);
 			decrypter.doFinal(decrypted, decLen);
+			decrypted = ArrayUtils.slice(decrypted, 0, actualLength - 1);
 			return ArrayUtils.bytesToChar(decrypted);
 		} catch(ShortBufferException | IllegalBlockSizeException | BadPaddingException ex) {
 			throw new RuntimeException(ex);
@@ -103,9 +106,6 @@ public CArray getDecryptedCharCArray() {
 		char[] array = getDecryptedCharArray();
 		CArray carray = new CArray(Target.UNKNOWN, array.length);
 		for(char c : array) {
-			if(c == '\0') {
-				continue;
-			}
 			carray.push(new CString(c, Target.UNKNOWN), Target.UNKNOWN);
 		}
 		return carray;

src/main/java/com/laytonsmith/core/functions/Crypto.java

@@ -1,5 +1,6 @@
 package com.laytonsmith.core.functions;
 
+import com.laytonsmith.PureUtilities.Common.ArrayUtils;
 import com.laytonsmith.PureUtilities.Common.StringUtils;
 import com.laytonsmith.PureUtilities.Version;
 import com.laytonsmith.annotations.api;
@@ -9,6 +10,7 @@
 import com.laytonsmith.core.Static;
 import com.laytonsmith.core.constructs.CBoolean;
 import com.laytonsmith.core.constructs.CByteArray;
+import com.laytonsmith.core.constructs.CSecureString;
 import com.laytonsmith.core.constructs.CString;
 import com.laytonsmith.core.constructs.Construct;
 import com.laytonsmith.core.constructs.Target;
@@ -36,22 +38,35 @@
 public class Crypto {
 
 	public static String docs() {
-		return "Provides common cryptographic functions";
+		return "Provides common cryptographic functions. Many functions in this class are aware of and compatible"
+				+ " with secure_string (where specified in the function documentation). In these cases, if the"
+				+ " argument passed in is a secure_string, it is first decrypted and the underlying string is used"
+				+ " rather than the default string value \"**secure string**\".";
 	}
 
 	private static CString getHMAC(String algorithm, Target t, Construct[] args) {
 		try {
 			SecretKeySpec signingKey = new SecretKeySpec(args[0].val().getBytes(), algorithm);
 			Mac mac = Mac.getInstance(algorithm);
 			mac.init(signingKey);
-			byte[] hmac = mac.doFinal(args[1].val().getBytes());
+			byte[] hmac = mac.doFinal(getByteArrayFromArg(args[1]));
 			String hash = StringUtils.toHex(hmac).toLowerCase();
 			return new CString(hash, t);
 		} catch(NoSuchAlgorithmException | InvalidKeyException ex) {
 			throw new CREPluginInternalException("An error occured while trying to hash your data", t, ex);
 		}
 	}
 
+	private static byte[] getByteArrayFromArg(Construct c) {
+		byte[] val;
+		if(c instanceof CSecureString) {
+			val = ArrayUtils.charToBytes(((CSecureString)c).getDecryptedCharArray());
+		} else {
+			val = c.val().getBytes();
+		}
+		return val;
+	}
+
 	@api
 	public static class rot13 extends AbstractFunction implements Optimizable {
 
@@ -144,7 +159,7 @@ public Integer[] numArgs() {
 		public String docs() {
 			return "string {val} Returns the md5 hash of the specified string. The md5 hash is no longer considered secure, so you should"
 					+ " not use it for storage of sensitive data, however for general hashing, it is a quick and easy solution. md5 is"
-					+ " a one way hashing algorithm.";
+					+ " a one way hashing algorithm. This function is aware of and compatible with secure_string.";
 		}
 
 		@Override
@@ -170,8 +185,9 @@ public Boolean runAsync() {
 		@Override
 		public Construct exec(Target t, Environment environment, Construct... args) throws ConfigRuntimeException {
 			try {
+				byte[] val = getByteArrayFromArg(args[0]);
 				MessageDigest digest = java.security.MessageDigest.getInstance("MD5");
-				digest.update(args[0].val().getBytes());
+				digest.update(val);
 				String hash = StringUtils.toHex(digest.digest()).toLowerCase();
 				return new CString(hash, t);
 			} catch(NoSuchAlgorithmException ex) {
@@ -212,7 +228,8 @@ public Integer[] numArgs() {
 		public String docs() {
 			return "string {val} Returns the sha1 hash of the specified string. Note that sha1 is considered more secure than md5,"
 					+ " but is also not considered secure. sha-256 should be used instead for storing sensitive"
-					+ " data. It is a one way hashing algorithm.";
+					+ " data. It is a one way hashing algorithm. This function is aware of and compatible with"
+					+ " secure_string.";
 		}
 
 		@Override
@@ -238,8 +255,9 @@ public Boolean runAsync() {
 		@Override
 		public Construct exec(Target t, Environment environment, Construct... args) throws ConfigRuntimeException {
 			try {
+				byte[] val = getByteArrayFromArg(args[0]);
 				MessageDigest digest = java.security.MessageDigest.getInstance("SHA1");
-				digest.update(args[0].val().getBytes());
+				digest.update(val);
 				String hash = StringUtils.toHex(digest.digest()).toLowerCase();
 				return new CString(hash, t);
 			} catch(NoSuchAlgorithmException ex) {
@@ -279,7 +297,8 @@ public Integer[] numArgs() {
 		@Override
 		public String docs() {
 			return "string {val} Returns the sha256 hash of the specified string. Note that sha256 is considered more secure than sha1 and md5, and is"
-					+ " typically used when storing sensitive data. It is a one way hashing algorithm.";
+					+ " typically used when storing sensitive data. It is a one way hashing algorithm. This function"
+					+ " is aware of and compatible with secure_string.";
 		}
 
 		@Override
@@ -305,8 +324,9 @@ public Boolean runAsync() {
 		@Override
 		public Construct exec(Target t, Environment environment, Construct... args) throws ConfigRuntimeException {
 			try {
+				byte[] val = getByteArrayFromArg(args[0]);
 				MessageDigest digest = java.security.MessageDigest.getInstance("SHA-256");
-				digest.update(args[0].val().getBytes());
+				digest.update(val);
 				String hash = StringUtils.toHex(digest.digest()).toLowerCase();
 				return new CString(hash, t);
 			} catch(NoSuchAlgorithmException ex) {
@@ -348,7 +368,8 @@ public Integer[] numArgs() {
 		public String docs() {
 			return "string {val} Returns the sha512 hash of the specified string. Note that sha512"
 					+ " is considered more secure than sha1 and md5 (and sha256, because it takes longer to calculate),"
-					+ " and is typically used when storing sensitive data. It is a one way hashing algorithm.";
+					+ " and is typically used when storing sensitive data. It is a one way hashing algorithm. This"
+					+ " function is aware of and compatible with secure_string.";
 		}
 
 		@Override
@@ -374,8 +395,9 @@ public Boolean runAsync() {
 		@Override
 		public Construct exec(Target t, Environment environment, Construct... args) throws ConfigRuntimeException {
 			try {
+				byte[] val = getByteArrayFromArg(args[0]);
 				MessageDigest digest = java.security.MessageDigest.getInstance("SHA-512");
-				digest.update(args[0].val().getBytes());
+				digest.update(val);
 				String hash = StringUtils.toHex(digest.digest()).toLowerCase();
 				return new CString(hash, t);
 			} catch(NoSuchAlgorithmException ex) {
@@ -425,7 +447,13 @@ public Construct exec(Target t, Environment environment, Construct... args) thro
 				log_rounds = Static.getInt32(args[1], t);
 			}
 			try {
-				String hash = BCrypt.hashpw(args[0].val(), BCrypt.gensalt(log_rounds));
+				String val;
+				if(args[0] instanceof CSecureString) {
+					val = new String(((CSecureString)args[0]).getDecryptedCharArray());
+				} else {
+					val = args[0].val();
+				}
+				String hash = BCrypt.hashpw(val, BCrypt.gensalt(log_rounds));
 				return new CString(hash, t);
 			} catch(IllegalArgumentException ex) {
 				throw new CRERangeException(ex.getMessage(), t);
@@ -452,7 +480,8 @@ public String docs() {
 					+ " complete in under a second, however, setting it to 10 will take"
 					+ " many seconds, and setting it to 15 will take a few minutes. The workload must be between 5"
 					+ " and 31. See the documentation for check_bcrypt for full usage. Bcrypt is recommended for"
-					+ " password hashing, whereas sha-* functions are not.";
+					+ " password hashing, whereas sha-* functions are not. This function is aware of and compatible"
+					+ " with secure_string.";
 		}
 
 		@Override
@@ -489,7 +518,13 @@ public Boolean runAsync() {
 
 		@Override
 		public Construct exec(Target t, Environment environment, Construct... args) throws ConfigRuntimeException {
-			return CBoolean.get(BCrypt.checkpw(args[0].val(), args[1].val()));
+			String val;
+			if(args[0] instanceof CSecureString) {
+				val = new String(((CSecureString)args[0]).getDecryptedCharArray());
+			} else {
+				val = args[0].val();
+			}
+			return CBoolean.get(BCrypt.checkpw(val, args[1].val()));
 		}
 
 		@Override
@@ -510,7 +545,8 @@ public String docs() {
 					+ "string @plain = 'plaintext';\n"
 					+ "string @hash = bcrypt(@plain);\n"
 					+ "msg(if(check_bcrypt(@plain, @hash),"
-					+ " 'They match!', 'They do not match!'));\n";
+					+ " 'They match!', 'They do not match!'));\n"
+					+ "\n\nThis function is aware of and compatible with secure_string.";
 		}
 
 		@Override
@@ -653,7 +689,8 @@ public Integer[] numArgs() {
 
 		@Override
 		public String docs() {
-			return "string {key, val} Returns the md5 HMAC of the specified string using the provided key.";
+			return "string {key, val} Returns the md5 HMAC of the specified string using the provided key. This function"
+					+ " is aware of and compatible with secure_string.";
 		}
 
 		@Override
@@ -711,7 +748,8 @@ public Integer[] numArgs() {
 
 		@Override
 		public String docs() {
-			return "string {key, val} Returns the sha1 HMAC of the specified string using the provided key.";
+			return "string {key, val} Returns the sha1 HMAC of the specified string using the provided key. This function"
+					+ " is aware of and compatible with secure_string.";
 		}
 
 		@Override
@@ -769,7 +807,8 @@ public Integer[] numArgs() {
 
 		@Override
 		public String docs() {
-			return "string {key, val} Returns the sha256 HMAC of the specified string using the provided key.";
+			return "string {key, val} Returns the sha256 HMAC of the specified string using the provided key. This"
+					+ " function is aware of and compatible with secure_string.";
 		}
 
 		@Override