Kdf: Split initialize to [copy_key_from, move_key_from, random]. Deprecate old initialize methods.
This commit is contained in:
parent
8db8b410a2
commit
2e1856fedb
@ -5,11 +5,11 @@ CONTEXT = "8_bytess"
|
|||||||
|
|
||||||
describe Sodium::Kdf do
|
describe Sodium::Kdf do
|
||||||
it "generates master key" do
|
it "generates master key" do
|
||||||
kdf1 = Sodium::Kdf.new
|
kdf1 = Sodium::Kdf.random
|
||||||
|
|
||||||
# verify loading saved key
|
# verify loading saved key
|
||||||
kdf2 = kdf1.key.readonly do |kslice|
|
kdf2 = kdf1.key.readonly do |kslice|
|
||||||
Sodium::Kdf.new kslice.dup
|
Sodium::Kdf.copy_key_from kslice.dup
|
||||||
end
|
end
|
||||||
|
|
||||||
kdf1.key.should eq kdf2.key
|
kdf1.key.should eq kdf2.key
|
||||||
@ -21,7 +21,7 @@ describe Sodium::Kdf do
|
|||||||
end
|
end
|
||||||
|
|
||||||
it "generates different keys" do
|
it "generates different keys" do
|
||||||
kdf1 = Sodium::Kdf.new
|
kdf1 = Sodium::Kdf.random
|
||||||
subkey1 = kdf1.derive CONTEXT, 0, 16
|
subkey1 = kdf1.derive CONTEXT, 0, 16
|
||||||
subkey2 = kdf1.derive CONTEXT, 1, 16
|
subkey2 = kdf1.derive CONTEXT, 1, 16
|
||||||
subkey1.should_not eq subkey2
|
subkey1.should_not eq subkey2
|
||||||
|
@ -7,7 +7,8 @@ module Sodium
|
|||||||
#
|
#
|
||||||
# Usage:
|
# Usage:
|
||||||
# ```
|
# ```
|
||||||
# kdf = KDF.new
|
# kdf = KDF.random
|
||||||
|
# kdf = KDF.move_key_from bytes
|
||||||
# subkey_id = 0
|
# subkey_id = 0
|
||||||
# output_size = 16
|
# output_size = 16
|
||||||
# subkey = kdf.derive "8bytectx", subkey_id, output_size
|
# subkey = kdf.derive "8bytectx", subkey_id, output_size
|
||||||
@ -18,7 +19,7 @@ module Sodium
|
|||||||
#
|
#
|
||||||
# It's recommended to use a #wipe block to erase the master key when no longer needed
|
# It's recommended to use a #wipe block to erase the master key when no longer needed
|
||||||
# ```
|
# ```
|
||||||
# kdf = Kdf.new
|
# kdf = Kdf.random
|
||||||
# ...
|
# ...
|
||||||
# kdf.wipe do
|
# kdf.wipe do
|
||||||
# ### Warning: abnormal exit may not wipe
|
# ### Warning: abnormal exit may not wipe
|
||||||
@ -41,16 +42,29 @@ module Sodium
|
|||||||
|
|
||||||
getter key : Crypto::Secret
|
getter key : Crypto::Secret
|
||||||
|
|
||||||
|
def self.random
|
||||||
|
new(SecureBuffer.random(KEY_SIZE))
|
||||||
|
end
|
||||||
|
|
||||||
# Use an existing KDF key.
|
# Use an existing KDF key.
|
||||||
#
|
#
|
||||||
# * Copies key to a new SecureBuffer
|
# * Copies key to a new SecureBuffer
|
||||||
# * Optionally erases bytes after copying if erase is set
|
def self.copy_key_from(bytes : Bytes)
|
||||||
def initialize(bytes : Bytes, erase = false)
|
new(SecureBuffer.copy_from(bytes))
|
||||||
if bytes.bytesize != KEY_SIZE
|
end
|
||||||
raise ArgumentError.new("bytes must be #{KEY_SIZE}, got #{bytes.bytesize}")
|
|
||||||
end
|
|
||||||
|
|
||||||
@key = SecureBuffer.new(bytes, erase).noaccess
|
# Use an existing KDF key.
|
||||||
|
#
|
||||||
|
# * Copies key to a new SecureBuffer
|
||||||
|
# * Erases bytes after copying
|
||||||
|
def self.move_key_from(bytes : Bytes)
|
||||||
|
new(SecureBuffer.move_from(bytes))
|
||||||
|
end
|
||||||
|
|
||||||
|
@[Deprecated("use .copy_key_from or .move_key_from")]
|
||||||
|
def initialize(bytes : Bytes, erase = false)
|
||||||
|
@key = SecureBuffer.new(1)
|
||||||
|
raise NotImplementedError.new("use .copy_key_from or .move_key_from")
|
||||||
end
|
end
|
||||||
|
|
||||||
# Use an existing KDF Crypto::Secret key.
|
# Use an existing KDF Crypto::Secret key.
|
||||||
@ -61,9 +75,7 @@ module Sodium
|
|||||||
@key.noaccess
|
@key.noaccess
|
||||||
end
|
end
|
||||||
|
|
||||||
# Generate a new random KDF key.
|
@[Deprecated("use .random")]
|
||||||
#
|
|
||||||
# Make sure to save kdf.to_slice before kdf goes out of scope.
|
|
||||||
def initialize
|
def initialize
|
||||||
@key = SecureBuffer.random(KEY_SIZE).noaccess
|
@key = SecureBuffer.random(KEY_SIZE).noaccess
|
||||||
end
|
end
|
||||||
|
Loading…
Reference in New Issue
Block a user