From 910666bcdf66c7995639525155ec76be67c908d1 Mon Sep 17 00:00:00 2001
From: Didactic Drunk <1479616+didactic-drunk@users.noreply.github.com>
Date: Mon, 21 Jun 2021 17:54:23 -0700
Subject: [PATCH] Internal switch to Crypto::Secret
---
 spec/sodium/crypto_box/secret_key_spec.cr | 10 ++++++----
 spec/sodium/kdf_spec.cr | 6 +++++-
 spec/sodium/secure_buffer_spec.cr | 17 -----------------
 src/sodium/kdf.cr | 19 ++++++++++---------
 src/sodium/secure_buffer.cr | 4 +++-
 5 files changed, 24 insertions(+), 32 deletions(-)
diff --git a/spec/sodium/crypto_box/secret_key_spec.cr b/spec/sodium/crypto_box/secret_key_spec.cr
index 2baa32d..be1834b 100644
--- a/spec/sodium/crypto_box/secret_key_spec.cr
+++ b/spec/sodium/crypto_box/secret_key_spec.cr
@@ -40,14 +40,16 @@ describe Sodium::CryptoBox::SecretKey do
 key2 = key1.key.readonly do |ks|
 Sodium::CryptoBox::SecretKey.new ks, key1.public_key.to_slice
 end
- key1.to_slice.should eq key2.to_slice
+ key1.key.should eq key2.key
 key1.public_key.to_slice.should eq key2.public_key.to_slice
 end
 it "recomputes the public_key" do
 key1 = Sodium::CryptoBox::SecretKey.new
- key2 = Sodium::CryptoBox::SecretKey.new key1.to_slice
- key1.to_slice.should eq key2.to_slice
+ key2 = key1.key.readonly do |ks|
+ Sodium::CryptoBox::SecretKey.new ks
+ end
+ key1.key.should eq key2.key
 key1.public_key.to_slice.should eq key2.public_key.to_slice
 end
@@ -55,7 +57,7 @@ describe Sodium::CryptoBox::SecretKey do
 seed = Bytes.new Sodium::CryptoBox::SecretKey::SEED_SIZE
 key1 = Sodium::CryptoBox::SecretKey.new seed: seed
 key2 = Sodium::CryptoBox::SecretKey.new seed: seed
- key1.to_slice.should eq key2.to_slice
+ key1.key.should eq key2.key
 key1.public_key.to_slice.should eq key2.public_key.to_slice
 end
diff --git a/spec/sodium/kdf_spec.cr b/spec/sodium/kdf_spec.cr
index 4185a6b..8a34a84 100644
--- a/spec/sodium/kdf_spec.cr
+++ b/spec/sodium/kdf_spec.cr
@@ -8,7 +8,11 @@ describe Sodium::Kdf do
 kdf1 = Sodium::Kdf.new
 # verify loading saved key
- kdf2 = Sodium::Kdf.new kdf1.to_slice.dup
+ kdf2 = kdf1.key.readonly do |kslice|
+ Sodium::Kdf.new kslice.dup
+ end
+
+ kdf1.key.should eq kdf2.key
 # verify generated subkey's are the same after loading
 key1_s1 = kdf1.derive CONTEXT, 0, 16
diff --git a/spec/sodium/secure_buffer_spec.cr b/spec/sodium/secure_buffer_spec.cr
index af1d2c0..c5a5e3c 100644
--- a/spec/sodium/secure_buffer_spec.cr
+++ b/spec/sodium/secure_buffer_spec.cr
@@ -21,23 +21,6 @@ describe Sodium::SecureBuffer do
 buf.readwrite
 end
- it "copies and erases" do
- bytes = Bytes.new(5) { 1_u8 }
-
- buf = Sodium::SecureBuffer.new bytes, erase: true
- buf.readonly do |slice|
- slice.bytesize.should eq 5
-
- slice.each do |b|
- b.should eq 1_u8
- end
- end
-
- bytes.to_slice.each do |b|
- b.should eq 0_u8
- end
- end
-
 it "dups without crashing" do
 buf1 = Sodium::SecureBuffer.new 5
 buf1.noaccess
diff --git a/src/sodium/kdf.cr b/src/sodium/kdf.cr
index e922088..0fc4f6a 100644
--- a/src/sodium/kdf.cr
+++ b/src/sodium/kdf.cr
@@ -36,9 +36,10 @@ module Sodium
 CONTEXT_SIZE = LibSodium.crypto_kdf_contextbytes
 # Returns key
- delegate_to_slice to: @sbuf
+ @[Deprecated("Use .key instead")]
+ delegate_to_slice to: @key
- @sbuf : Crypto::Secret
+ getter key : Crypto::Secret
 # Use an existing KDF key.
 #
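Review bot: In src/sodium/kdf.cr (hunk `@@ -36,9 +36,10 @@`) the new public `getter key : Crypto::Secret` has no doc comment, and the existing `# Returns key` line now documents the deprecated `delegate_to_slice` instead. Every initializer in the following hunk leaves `@key` in `noaccess`, so callers should be told to read the bytes through a block, as the updated spec does with `kdf1.key.readonly do |kslice|`; I would add `# Returns the KDF key as a Crypto::Secret. Read the bytes with key.readonly { |slice| ... }.` above the getter. It is also worth confirming that `@[Deprecated("Use .key instead")]` placed on a macro call marks the methods the macro generates, since the expansion of `delegate_to_slice` is not visible here. The enclosing class body starts and ends outside the hunk.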
@@ -49,22 +50,22 @@ module Sodium
 raise ArgumentError.new("bytes must be #{KEY_SIZE}, got #{bytes.bytesize}")
 end
- @sbuf = SecureBuffer.new(bytes, erase).noaccess
+ @key = SecureBuffer.new(bytes, erase).noaccess
 end
 # Use an existing KDF Crypto::Secret key.
- def initialize(@sbuf : Crypto::Secret)
- if @sbuf.bytesize != KEY_SIZE
- raise ArgumentError.new("bytes must be #{KEY_SIZE}, got #{sbuf.bytesize}")
+ def initialize(@key : Crypto::Secret)
+ if @key.bytesize != KEY_SIZE
+ raise ArgumentError.new("bytes must be #{KEY_SIZE}, got #{@key.bytesize}")
 end
- @sbuf.noaccess
+ @key.noaccess
 end
 # Generate a new random KDF key.
 #
 # Make sure to save kdf.to_slice before kdf goes out of scope.
 def initialize
- @sbuf = SecureBuffer.random(KEY_SIZE).noaccess
+ @key = SecureBuffer.random(KEY_SIZE).noaccess
 end
 # Derive a consistent subkey based on `context` and `subkey_id`.
@@ -82,7 +83,7 @@ module Sodium
 subkey = SecureBuffer.new subkey_size
 subkey.readwrite do |sub_slice|
- @sbuf.readonly do |sslice|
+ @key.readonly do |sslice|
 if (ret = LibSodium.crypto_kdf_derive_from_key(sub_slice, sub_slice.bytesize, subkey_id, context, sslice)) != 0
 raise Sodium::Error.new("crypto_kdf_derive_from_key returned #{ret} (subkey size is probably out of range)")
 end
diff --git a/src/sodium/secure_buffer.cr b/src/sodium/secure_buffer.cr
index 13539b0..97c717f 100644
--- a/src/sodium/secure_buffer.cr
+++ b/src/sodium/secure_buffer.cr
@@ -22,7 +22,9 @@ module Sodium
 # Returns a **readonly** SecureBuffer.
 def initialize(bytes : Bytes, erase = false)
 initialize bytes.bytesize
- bytes.copy_to self.to_slice
+ readwrite do |slice|
+ slice.copy_from bytes
+ end
 Sodium.memzero(bytes) if erase
 readonly
 end
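Review bot: In src/sodium/kdf.cr (hunk `@@ -49,22 +50,22 @@`) the comment above the no-argument `initialize` still says `# Make sure to save kdf.to_slice before kdf goes out of scope.`, although this commit deprecates `to_slice` in favour of `.key`. I would change it to `# Make sure to save kdf.key before kdf goes out of scope.` so the documentation stops steering callers to the raw-slice accessor. The comment `# Use an existing KDF Crypto::Secret key.` could also mention that the passed secret is stored as-is and switched to `noaccess`, which is a side effect on the caller's object. The first `initialize` in this hunk begins outside it.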
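Review bot: The `erase` branch of `initialize(bytes : Bytes, erase = false)` in src/sodium/secure_buffer.cr (`Sodium.memzero(bytes) if erase`) loses its only visible regression test, because this same patch deletes the "copies and erases" example from spec/sodium/secure_buffer_spec.cr. That example asserted both that the bytes reach the buffer and that the caller's plaintext is zeroed afterwards, and the copy step is exactly what this hunk rewrites to `readwrite do |slice|` / `slice.copy_from bytes`. Unless equivalent coverage now lives in specs for Crypto::Secret that are not visible here, I would keep that example or port it to the new API so a regression in the wipe-after-copy guarantee is caught. The whole method is inside the hunk.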