Kdf: Split initialize to [copy_key_from, move_key_from, random]. Deprecate old initialize methods.

This commit is contained in:
Didactic Drunk 2022-06-01 01:36:39 -07:00
parent 8db8b410a2
commit 2e1856fedb
2 changed files with 26 additions and 14 deletions

View File

@ -5,11 +5,11 @@ CONTEXT = "8_bytess"
describe Sodium::Kdf do
it "generates master key" do
kdf1 = Sodium::Kdf.new
kdf1 = Sodium::Kdf.random
# verify loading saved key
kdf2 = kdf1.key.readonly do |kslice|
Sodium::Kdf.new kslice.dup
Sodium::Kdf.copy_key_from kslice.dup
end
kdf1.key.should eq kdf2.key
@ -21,7 +21,7 @@ describe Sodium::Kdf do
end
it "generates different keys" do
kdf1 = Sodium::Kdf.new
kdf1 = Sodium::Kdf.random
subkey1 = kdf1.derive CONTEXT, 0, 16
subkey2 = kdf1.derive CONTEXT, 1, 16
subkey1.should_not eq subkey2

View File

@ -7,7 +7,8 @@ module Sodium
#
# Usage:
# ```
# kdf = KDF.new
# kdf = KDF.random
# kdf = KDF.move_key_from bytes
# subkey_id = 0
# output_size = 16
# subkey = kdf.derive "8bytectx", subkey_id, output_size
@ -18,7 +19,7 @@ module Sodium
#
# It's recommended to use a #wipe block to erase the master key when no longer needed
# ```
# kdf = Kdf.new
# kdf = Kdf.random
# ...
# kdf.wipe do
# ### Warning: abnormal exit may not wipe
@ -41,16 +42,29 @@ module Sodium
getter key : Crypto::Secret
def self.random
new(SecureBuffer.random(KEY_SIZE))
end
# Use an existing KDF key.
#
# * Copies key to a new SecureBuffer
# * Optionally erases bytes after copying if erase is set
def initialize(bytes : Bytes, erase = false)
if bytes.bytesize != KEY_SIZE
raise ArgumentError.new("bytes must be #{KEY_SIZE}, got #{bytes.bytesize}")
def self.copy_key_from(bytes : Bytes)
new(SecureBuffer.copy_from(bytes))
end
@key = SecureBuffer.new(bytes, erase).noaccess
# Use an existing KDF key.
#
# * Copies key to a new SecureBuffer
# * Erases bytes after copying
def self.move_key_from(bytes : Bytes)
new(SecureBuffer.move_from(bytes))
end
@[Deprecated("use .copy_key_from or .move_key_from")]
def initialize(bytes : Bytes, erase = false)
@key = SecureBuffer.new(1)
raise NotImplementedError.new("use .copy_key_from or .move_key_from")
end
# Use an existing KDF Crypto::Secret key.
@ -61,9 +75,7 @@ module Sodium
@key.noaccess
end
# Generate a new random KDF key.
#
# Make sure to save kdf.to_slice before kdf goes out of scope.
@[Deprecated("use .random")]
def initialize
@key = SecureBuffer.random(KEY_SIZE).noaccess
end