From b303bec55f2f8c777472f72c3286affb0e380eb9 Mon Sep 17 00:00:00 2001 From: radu Date: Sun, 23 Jun 2024 03:34:10 +0300 Subject: [PATCH] use sodiumoxide for mlock --- Cargo.lock | 100 ++++++++++++++++++++++++++++++++++++++++++ Cargo.toml | 1 + src/lib.rs | 11 ++--- tests/test_zeroize.py | 9 ++-- 4 files changed, 110 insertions(+), 11 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 98d6762..012c0cc 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -20,12 +20,27 @@ version = "2.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "cf4b9d6a944f767f8e5e0db018570623c85f3d925ac718db4e06d0187adb21c1" +[[package]] +name = "cc" +version = "1.0.99" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "96c51067fd44124faa7f870b4b1c969379ad32b2ba805aa959430ceaa384f695" + [[package]] name = "cfg-if" version = "1.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" +[[package]] +name = "ed25519" +version = "1.5.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "91cff35c70bba8a626e3185d8cd48cc11b5437e1a5bcd15b9b5fa3c64b6dfee7" +dependencies = [ + "signature", +] + [[package]] name = "getrandom" version = "0.2.15" @@ -55,6 +70,18 @@ version = "0.2.155" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "97b3888a4aecf77e811145cadf6eef5901f4782c53886191b2f693f24761847c" +[[package]] +name = "libsodium-sys" +version = "0.2.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6b779387cd56adfbc02ea4a668e704f729be8d6a6abd2c27ca5ee537849a92fd" +dependencies = [ + "cc", + "libc", + "pkg-config", + "walkdir", +] + [[package]] name = "lock_api" version = "0.4.12" 
@@ -188,6 +215,12 @@ dependencies = [ "windows-targets 0.52.5", ] +[[package]] +name = "pkg-config" +version = "0.3.30" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d231b230927b5e4ad203db57bbcbee2802f6bce620b1e4a9024a07d94e2907ec" + [[package]] name = "portable-atomic" version = "1.6.0" 
@@ -308,18 +341,65 @@ version = "1.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "08d43f7aa6b08d49f382cde6a7982047c3426db949b1424bc4b7ec9ae12c6ce2" +[[package]] +name = "same-file" +version = "1.0.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "93fc1dc3aaa9bfed95e02e6eadabb4baf7e3078b0bd1b4d7b6b0b68378900502" +dependencies = [ + "winapi-util", +] + [[package]] name = "scopeguard" version = "1.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49" +[[package]] +name = "serde" +version = "1.0.203" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7253ab4de971e72fb7be983802300c30b5a7f0c2e56fab8abfc6a214307c0094" +dependencies = [ + "serde_derive", +] + +[[package]] +name = "serde_derive" +version = "1.0.203" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "500cbc0ebeb6f46627f50f3f5811ccf6bf00643be300b4c3eabc0ef55dc5b5ba" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "signature" +version = "1.6.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "74233d3b3b2f6d4b006dc19dee745e73e2a6bfb6f93607cd3b02bd5b00797d7c" + [[package]] name = "smallvec" version = "1.13.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3c5e1a9a646d36c3599cd173a41282daf47c44583ad367b8e6837255952e5c67" +[[package]] +name = "sodiumoxide" +version = "0.2.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e26be3acb6c2d9a7aac28482586a7856436af4cfe7100031d219de2d2ecb0028" +dependencies = [ + "ed25519", + "libc", + "libsodium-sys", + "serde", +] + [[package]] name = "syn" version = "2.0.66" 
@@ -349,12 +429,31 @@ version = "0.2.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c7de7d73e1754487cb58364ee906a499937a0dfabd86bcb980fa99ec8c8fa2ce" +[[package]] +name = "walkdir" +version = "2.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "29790946404f91d9c5d06f9874efddea1dc06c5efe94541a7d6863108e3a5e4b" +dependencies = [ + "same-file", + "winapi-util", +] + [[package]] name = "wasi" version = "0.11.0+wasi-snapshot-preview1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" +[[package]] +name = "winapi-util" +version = "0.1.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4d4cc384e1e73b93bafa6fb4f1df8c41695c8a91cf9c4c64358067d15a7b6c6b" +dependencies = [ + "windows-sys 0.52.0", +] + [[package]] name = "windows-sys" version = "0.45.0" @@ -502,6 +601,7 @@ dependencies = [ "numpy", "pyo3", "region", + "sodiumoxide", "zeroize 1.8.1", ]
diff --git a/Cargo.toml b/Cargo.toml
index 9544497..81f98c1 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -14,6 +14,7 @@ zeroize_rs = { version = "1.8.1", package = "zeroize"}
 numpy = "0.21"
 memsec = "0.7.0"
 region = "3.0.2"
+sodiumoxide = "0.2.7"
 [profile.release]
 panic = "abort"
diff --git a/src/lib.rs b/src/lib.rs
index fc07439..dc90db9 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -25,13 +25,10 @@ fn zeroize1(arr: &Bound<'_, PyAny>, py: Python<'_>) -> PyResult<()> {
 #[pyfunction]
 fn mlock(arr: &Bound<'_, PyAny>, py: Python<'_>) -> PyResult<()> {
 let arr = as_array_mut(arr, py)?;
- unsafe {
- if !_mlock(arr.as_mut_ptr(), arr.len()) {
- return Err(PyErr::new::(
- "mlock failed",
- ));
- }
- }
+ // if !_mlock(arr.as_mut_ptr(), arr.len()) {
+ sodiumoxide::utils::mlock(arr).map_err(|_|PyErr::new::(
+ "mlock failed",
+ ))?;
 Ok(())
 }
diff --git a/tests/test_zeroize.py b/tests/test_zeroize.py
index 459c8ae..d5e87fa 100644
--- a/tests/test_zeroize.py
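Review bot: `sodiumoxide = "0.2.7"` is added for a single `mlock` call, and per the lockfile entries it brings `libsodium-sys` with it (a C library found through `pkg-config` or built with `cc`), which is a large addition to the build and audit surface of a memory-hygiene crate. Upstream has marked sodiumoxide as deprecated, so run `cargo audit` on this change and record why it is preferred here. `memsec` stays in the dependency list; if nothing else uses it after this commit it should be removed, otherwise a comment such as `# mlock via libsodium; memsec still used for <purpose>` would explain why both are present.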
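Review bot: The new `sodiumoxide::utils::mlock(arr)` call in `mlock` maps every failure to the same bare `"mlock failed"`, so a caller cannot tell a locked-memory limit (RLIMIT_MEMLOCK) from any other cause, which is the case most worth diagnosing for a function meant to keep secrets out of swap. sodiumoxide only returns `Err(())`, so consider appending `std::io::Error::last_os_error()` to the message, after confirming errno is still intact at that point. The commented-out `// if !_mlock(arr.as_mut_ptr(), arr.len()) {` line is dead code with an unbalanced brace and should be dropped. libsodium's documentation asks for `sodium_init()` before any other call, and nothing in this hunk shows `sodiumoxide::init()` being invoked, so confirm it runs at module initialisation. The hunk changes only the lock side, so also check that the unlock path goes through the same library.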
+++ b/tests/test_zeroize.py
@@ -61,8 +61,7 @@ def unlock_memory(address, size):
 0.5,
 1,
 2,
-# 2.97,
- 4,
+ 2.83,
 ]
@@ -111,9 +110,11 @@ def test_zeroize1_sizes(self):
 print(f"Length of the array: {size2}")
 print("lock arr")
- lock_memory(address, size)
+ mlock(arr)
+# lock_memory(address, size)
 print("lock arr2")
- lock_memory(address2, size2)
+ mlock(arr2)
+# lock_memory(address2, size2)
 zeroize1(arr)
 zeroize1(arr_np)
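Review bot: The replacement size `2.83` in the size list is an unexplained magic number. It reads as if it was tuned to stay under a locked-memory limit now that the test calls `mlock` on the arrays, which would make the test pass or fail depending on the host's RLIMIT_MEMLOCK. Add a comment such as `# largest size that still fits the locked-memory limit on CI` (confirm the actual reason), or skip the case when the limit is lower. The list itself starts outside the hunk.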
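Review bot: The old `lock_memory(address, size)` and `lock_memory(address2, size2)` calls are kept as commented-out lines under the new `mlock(arr)` and `mlock(arr2)` calls; delete them, since the history already records them. `test_zeroize1_sizes` continues outside the hunk, so it is not visible whether `unlock_memory` is still used afterwards. If it is, either switch both sides to the extension or add a comment explaining why locking goes through the extension while unlocking goes through the Python helper.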