sodium.cr/src/sodium/kdf.cr

require "./lib_sodium"
require "./wipe"

module Sodium
  class Kdf
    include Wipe

    KDF_KEY_SIZE     = LibSodium.crypto_kdf_keybytes
    KDF_CONTEXT_SIZE = LibSodium.crypto_kdf_contextbytes

    @[Wipe::Var]
    getter bytes : Bytes

    delegate to_slice, to: @bytes

    # Use an existing KDF key.
    #
    # WARNING: This class takes ownership of any key material passed to it.
    # If you don't want this behavior pass a duplicate of the key to initialize().
    def initialize(bytes : Bytes)
      if bytes.bytesize != KDF_KEY_SIZE
        raise ArgumentError.new("bytes must be #{KDF_KEY_SIZE}, got #{bytes.bytesize}")
      end

      @bytes = bytes
    end

    # Generate a new random KDF key.
    #
    # WARNING: This class takes ownership of any key material passed to it.
    #
    # Make sure to save kdf.bytes before kdf goes out of scope.
    def initialize
      @bytes = Random::Secure.random_bytes(KDF_KEY_SIZE)
    end

    # Derive a consistent subkey based on `context` and `subkey_id`.
    #
    # context and subkey don't need to be secret
    # * context must be 8 bytes
    # * subkey_size must be 16..64 bytes as of libsodium 1.0.17
    #
    def derive(context, subkey_id, subkey_size)
      if context.bytesize != KDF_CONTEXT_SIZE
        raise ArgumentError.new("context must be #{KDF_CONTEXT_SIZE}, got #{context.bytesize}")
      end

      subkey = Bytes.new subkey_size
      if (ret = LibSodium.crypto_kdf_derive_from_key(subkey, subkey.bytesize, subkey_id, context, @bytes)) != 0
        raise Sodium::Error.new("crypto_kdf_derive_from_key returned #{ret} (subkey size is probably out of range)")
      end
      subkey
    end
  end
end
Documentation. Remove wipe in specs until bugs sorted out. Switch most remaining properties to getter. 2019-06-30 04:20:30 +02:00			`require "./lib_sodium"`
			`require "./wipe"`

Rename project from "cox" to "sodium.cr". 2019-06-29 01:17:09 +02:00			`module Sodium`
Add libsodium kdf. 2019-05-28 23:31:31 +02:00			`class Kdf`
Documentation. Remove wipe in specs until bugs sorted out. Switch most remaining properties to getter. 2019-06-30 04:20:30 +02:00			`include Wipe`

Add seed support to CryptoBox and Sign. Wiping now supports multiple variables by Annotation. 2019-06-30 02:21:00 +02:00			`KDF_KEY_SIZE = LibSodium.crypto_kdf_keybytes`
			`KDF_CONTEXT_SIZE = LibSodium.crypto_kdf_contextbytes`

Documentation. Remove wipe in specs until bugs sorted out. Switch most remaining properties to getter. 2019-06-30 04:20:30 +02:00			`@[Wipe::Var]`
			`getter bytes : Bytes`
Add libsodium kdf. 2019-05-28 23:31:31 +02:00
Switch .to_unsafe to .to_slice Remove use of .pointer 2019-06-28 02:35:31 +02:00			`delegate to_slice, to: @bytes`

Documentation. Remove wipe in specs until bugs sorted out. Switch most remaining properties to getter. 2019-06-30 04:20:30 +02:00			`# Use an existing KDF key.`
			`#`
			`# WARNING: This class takes ownership of any key material passed to it.`
			`# If you don't want this behavior pass a duplicate of the key to initialize().`
Add libsodium kdf. 2019-05-28 23:31:31 +02:00			`def initialize(bytes : Bytes)`
Add seed support to CryptoBox and Sign. Wiping now supports multiple variables by Annotation. 2019-06-30 02:21:00 +02:00			`if bytes.bytesize != KDF_KEY_SIZE`
			`raise ArgumentError.new("bytes must be #{KDF_KEY_SIZE}, got #{bytes.bytesize}")`
Add libsodium kdf. 2019-05-28 23:31:31 +02:00			`end`

			`@bytes = bytes`
			`end`

Documentation. Remove wipe in specs until bugs sorted out. Switch most remaining properties to getter. 2019-06-30 04:20:30 +02:00			`# Generate a new random KDF key.`
			`#`
			`# WARNING: This class takes ownership of any key material passed to it.`
			`#`
			`# Make sure to save kdf.bytes before kdf goes out of scope.`
Add libsodium kdf. 2019-05-28 23:31:31 +02:00			`def initialize`
Add seed support to CryptoBox and Sign. Wiping now supports multiple variables by Annotation. 2019-06-30 02:21:00 +02:00			`@bytes = Random::Secure.random_bytes(KDF_KEY_SIZE)`
Add libsodium kdf. 2019-05-28 23:31:31 +02:00			`end`

Documentation. Remove wipe in specs until bugs sorted out. Switch most remaining properties to getter. 2019-06-30 04:20:30 +02:00			# Derive a consistent subkey based on `context` and `subkey_id`.
			`#`
			`# context and subkey don't need to be secret`
			`# * context must be 8 bytes`
			`# * subkey_size must be 16..64 bytes as of libsodium 1.0.17`
			`#`
Swap Kdf subkey_size and subkey_id arguments. 2019-06-28 01:52:45 +02:00			`def derive(context, subkey_id, subkey_size)`
Add seed support to CryptoBox and Sign. Wiping now supports multiple variables by Annotation. 2019-06-30 02:21:00 +02:00			`if context.bytesize != KDF_CONTEXT_SIZE`
			`raise ArgumentError.new("context must be #{KDF_CONTEXT_SIZE}, got #{context.bytesize}")`
Add libsodium kdf. 2019-05-28 23:31:31 +02:00			`end`

			`subkey = Bytes.new subkey_size`
			`if (ret = LibSodium.crypto_kdf_derive_from_key(subkey, subkey.bytesize, subkey_id, context, @bytes)) != 0`
Rename project from "cox" to "sodium.cr". 2019-06-29 01:17:09 +02:00			`raise Sodium::Error.new("crypto_kdf_derive_from_key returned #{ret} (subkey size is probably out of range)")`
Add libsodium kdf. 2019-05-28 23:31:31 +02:00			`end`
			`subkey`
			`end`
			`end`
			`end`