Documentation.

This commit is contained in:
Didactic Drunk 2019-06-29 19:49:57 -07:00
parent 515b8446b9
commit 65b12cddd9
5 changed files with 38 additions and 13 deletions

View File

@ -1,6 +1,8 @@
require "../lib_sodium" require "../lib_sodium"
module Sodium::CryptoBox module Sodium::CryptoBox
# Key used for encryption + authentication or encryption without authentication, not for unencrypted signing.
#
# WARNING: This class takes ownership of any key material passed to it. # WARNING: This class takes ownership of any key material passed to it.
# If you don't want this behavior pass a duplicate of the key/seed to initialize(). # If you don't want this behavior pass a duplicate of the key/seed to initialize().
class SecretKey < Key class SecretKey < Key
@ -65,7 +67,7 @@ module Sodium::CryptoBox
end end
end end
# Anonymously receive messages without signatures. # Anonymously receive messages without a signatures.
# For authenticated messages use `secret_key.box(recipient_public_key).decrypt`. # For authenticated messages use `secret_key.box(recipient_public_key).decrypt`.
def decrypt(src) def decrypt(src)
encrypt src.to_slice encrypt src.to_slice

View File

@ -5,11 +5,6 @@ module Sodium::Digest
# #
# Compatible with the Crystal OpenSSL::Digest interface. # Compatible with the Crystal OpenSSL::Digest interface.
# #
# digest_size is selectable. Use 32 for Blake2b256 (libsodium default), 64 for Blake2b512
# or any value between OUT_SIZE_MIN and OUT_SIZE_MAX. Many libsodium bindings only support [256] or [256 and 512] bit output.
#
# `key`, `salt`, and `personal` are all optional in the constructor. Most other libsodium bindings don't support them.
#
# Usage: # Usage:
# ``` # ```
# digest = Blake2b.new # digest = Blake2b.new
@ -46,6 +41,13 @@ module Sodium::Digest
@salt = StaticArray(UInt8, 16).new 0 @salt = StaticArray(UInt8, 16).new 0
@personal = StaticArray(UInt8, 16).new 0 @personal = StaticArray(UInt8, 16).new 0
# Create a new Blake2b Digest.
#
# digest_size is selectable. Use 32 for Blake2b256 (libsodium default), 64 for Blake2b512
# or any value between OUT_SIZE_MIN and OUT_SIZE_MAX. Many libsodium bindings only support [256] or [256 and 512] bit output.
#
# `key`, `salt`, and `personal` are all optional. Most other libsodium bindings don't support them.
# Check the other implementation(s) you need to interoperate with before using.
def initialize(@digest_size : Int32 = OUT_SIZE, key : Bytes? = nil, salt : Bytes? = nil, personal : Bytes? = nil) def initialize(@digest_size : Int32 = OUT_SIZE, key : Bytes? = nil, salt : Bytes? = nil, personal : Bytes? = nil)
if k = key if k = key
raise ArgumentError.new("key larger than KEY_SIZE_MAX(#{KEY_SIZE_MAX}), got #{k.bytesize}") if k.bytesize > KEY_SIZE_MAX raise ArgumentError.new("key larger than KEY_SIZE_MAX(#{KEY_SIZE_MAX}), got #{k.bytesize}") if k.bytesize > KEY_SIZE_MAX

View File

@ -2,11 +2,23 @@ require "./lib_sodium"
require "./wipe" require "./wipe"
module Sodium module Sodium
# Key derivation function
#
# WARNING: This class takes ownership of any key material passed to it.
# Read **each** constructor WARNING for differences in usage.
#
# Usage:
# ```
# kdf = KDF.new
# subkey_id = 0
# output_size = 16
# subkey = kdf.derive "8bytectx", subkey_id, output_size
# ```
class Kdf class Kdf
include Wipe include Wipe
KDF_KEY_SIZE = LibSodium.crypto_kdf_keybytes KEY_SIZE = LibSodium.crypto_kdf_keybytes
KDF_CONTEXT_SIZE = LibSodium.crypto_kdf_contextbytes CONTEXT_SIZE = LibSodium.crypto_kdf_contextbytes
@[Wipe::Var] @[Wipe::Var]
getter bytes : Bytes getter bytes : Bytes
@ -18,8 +30,8 @@ module Sodium
# WARNING: This class takes ownership of any key material passed to it. # WARNING: This class takes ownership of any key material passed to it.
# If you don't want this behavior pass a duplicate of the key to initialize(). # If you don't want this behavior pass a duplicate of the key to initialize().
def initialize(bytes : Bytes) def initialize(bytes : Bytes)
if bytes.bytesize != KDF_KEY_SIZE if bytes.bytesize != KEY_SIZE
raise ArgumentError.new("bytes must be #{KDF_KEY_SIZE}, got #{bytes.bytesize}") raise ArgumentError.new("bytes must be #{KEY_SIZE}, got #{bytes.bytesize}")
end end
@bytes = bytes @bytes = bytes
@ -31,7 +43,7 @@ module Sodium
# #
# Make sure to save kdf.bytes before kdf goes out of scope. # Make sure to save kdf.bytes before kdf goes out of scope.
def initialize def initialize
@bytes = Random::Secure.random_bytes(KDF_KEY_SIZE) @bytes = Random::Secure.random_bytes(KEY_SIZE)
end end
# Derive a consistent subkey based on `context` and `subkey_id`. # Derive a consistent subkey based on `context` and `subkey_id`.
@ -41,8 +53,9 @@ module Sodium
# * subkey_size must be 16..64 bytes as of libsodium 1.0.17 # * subkey_size must be 16..64 bytes as of libsodium 1.0.17
# #
def derive(context, subkey_id, subkey_size) def derive(context, subkey_id, subkey_size)
if context.bytesize != KDF_CONTEXT_SIZE context = context.to_slice
raise ArgumentError.new("context must be #{KDF_CONTEXT_SIZE}, got #{context.bytesize}") if context.bytesize != CONTEXT_SIZE
raise ArgumentError.new("context must be #{CONTEXT_SIZE}, got #{context.bytesize}")
end end
subkey = Bytes.new subkey_size subkey = Bytes.new subkey_size

View File

@ -3,6 +3,9 @@ require "./lib_sodium"
module Sodium module Sodium
# [https://libsodium.gitbook.io/doc/secret-key_cryptography](https://libsodium.gitbook.io/doc/secret-key_cryptography) # [https://libsodium.gitbook.io/doc/secret-key_cryptography](https://libsodium.gitbook.io/doc/secret-key_cryptography)
# #
# WARNING: This class takes ownership of any key material passed to it.
# If you don't want this behavior pass a duplicate of the key/seed to initialize().
#
# ```crystal # ```crystal
# key = Sodium::SecretKey.new # key = Sodium::SecretKey.new
# message = "foobar" # message = "foobar"

View File

@ -1,6 +1,11 @@
require "../lib_sodium" require "../lib_sodium"
module Sodium module Sodium
# Key used for signing/verification only.
#
# WARNING: This class takes ownership of any key material passed to it.
# If you don't want this behavior pass a duplicate of the key/seed to initialize().
#
# Usage: # Usage:
# ``` # ```
# key = SecretKey.new # key = SecretKey.new