From 1e240f70b6986a89e2f5efaaf9f8a52775f82a0b Mon Sep 17 00:00:00 2001 From: Didactic Drunk <1479616+didactic-drunk@users.noreply.github.com> Date: Mon, 23 Sep 2019 05:15:53 -0700 Subject: [PATCH] Make Sodium::SecretBox#key public. --- README.md | 14 -------------- src/sodium/cipher/aead/chalsa.cr | 7 +++++-- src/sodium/secret_box.cr | 3 +++ 3 files changed, 8 insertions(+), 16 deletions(-) diff --git a/README.md b/README.md index 4f051a8..385b036 100644 --- a/README.md +++ b/README.md @@ -112,20 +112,6 @@ dependencies: See `examples` for help on using these classes in a complete application. The `specs` provide the best examples of how to use or misuse individual classes. - - - -You may call `.close` on any object that retains keying material to wipe it's key(s) earlier. -Objects with a `.close` method also respond to `Class.open` and wipe when the block returns. - -```crystal -# TODO -Sodium::CryptoBox::SecretKey.open(sec_key, pub_key) do |secret_key| - ... Do crypto operations ... -end -# sec_key is wiped -# public keys aren't wiped. - ``` ### CryptoBox authenticated easy encryption diff --git a/src/sodium/cipher/aead/chalsa.cr b/src/sodium/cipher/aead/chalsa.cr index a05dfb3..3398ee5 100644 --- a/src/sodium/cipher/aead/chalsa.cr +++ b/src/sodium/cipher/aead/chalsa.cr @@ -4,18 +4,21 @@ require "../../nonce" module Sodium::Cipher::Aead abstract class Chalsa - @key : SecureBuffer + # Encryption key + getter key : SecureBuffer # Initializes with a new random key. def initialize @key = SecureBuffer.random key_size end - def initialize(@key : Securebuffer) + # Initializes with a reference to an existing ky. + def initialize(@key : SecureBuffer) raise ArgumentError.new("key size mismatch, got #{@key.bytesize}, wanted #{key_size}") if @key.bytesize != key_size @key.readonly end + # Initializes copying the key to a `SecureBuffer`. def initialize(bytes : Bytes, erase = false) raise ArgumentError.new("key size mismatch, got #{bytes.bytesize}, wanted #{key_size}") if bytes.bytesize != key_size @key = SecureBuffer.new bytes, erase: erase diff --git a/src/sodium/secret_box.cr b/src/sodium/secret_box.cr index 5d746de..c179e06 100644 --- a/src/sodium/secret_box.cr +++ b/src/sodium/secret_box.cr @@ -22,6 +22,9 @@ module Sodium # Returns key delegate to_slice, to: @key + # Encryption key + getter key : SecureBuffer + # Generate a new random key held in a SecureBuffer. def initialize @key = SecureBuffer.random KEY_SIZE