Internal switch to Crypto::Secret

This commit is contained in:
Didactic Drunk 2021-06-21 17:54:23 -07:00
parent a1706055e1
commit 910666bcdf
5 changed files with 24 additions and 32 deletions

View File

@ -40,14 +40,16 @@ describe Sodium::CryptoBox::SecretKey do
key2 = key1.key.readonly do |ks| key2 = key1.key.readonly do |ks|
Sodium::CryptoBox::SecretKey.new ks, key1.public_key.to_slice Sodium::CryptoBox::SecretKey.new ks, key1.public_key.to_slice
end end
key1.to_slice.should eq key2.to_slice key1.key.should eq key2.key
key1.public_key.to_slice.should eq key2.public_key.to_slice key1.public_key.to_slice.should eq key2.public_key.to_slice
end end
it "recomputes the public_key" do it "recomputes the public_key" do
key1 = Sodium::CryptoBox::SecretKey.new key1 = Sodium::CryptoBox::SecretKey.new
key2 = Sodium::CryptoBox::SecretKey.new key1.to_slice key2 = key1.key.readonly do |ks|
key1.to_slice.should eq key2.to_slice Sodium::CryptoBox::SecretKey.new ks
end
key1.key.should eq key2.key
key1.public_key.to_slice.should eq key2.public_key.to_slice key1.public_key.to_slice.should eq key2.public_key.to_slice
end end
@ -55,7 +57,7 @@ describe Sodium::CryptoBox::SecretKey do
seed = Bytes.new Sodium::CryptoBox::SecretKey::SEED_SIZE seed = Bytes.new Sodium::CryptoBox::SecretKey::SEED_SIZE
key1 = Sodium::CryptoBox::SecretKey.new seed: seed key1 = Sodium::CryptoBox::SecretKey.new seed: seed
key2 = Sodium::CryptoBox::SecretKey.new seed: seed key2 = Sodium::CryptoBox::SecretKey.new seed: seed
key1.to_slice.should eq key2.to_slice key1.key.should eq key2.key
key1.public_key.to_slice.should eq key2.public_key.to_slice key1.public_key.to_slice.should eq key2.public_key.to_slice
end end

View File

@ -8,7 +8,11 @@ describe Sodium::Kdf do
kdf1 = Sodium::Kdf.new kdf1 = Sodium::Kdf.new
# verify loading saved key # verify loading saved key
kdf2 = Sodium::Kdf.new kdf1.to_slice.dup kdf2 = kdf1.key.readonly do |kslice|
Sodium::Kdf.new kslice.dup
end
kdf1.key.should eq kdf2.key
# verify generated subkey's are the same after loading # verify generated subkey's are the same after loading
key1_s1 = kdf1.derive CONTEXT, 0, 16 key1_s1 = kdf1.derive CONTEXT, 0, 16

View File

@ -21,23 +21,6 @@ describe Sodium::SecureBuffer do
buf.readwrite buf.readwrite
end end
it "copies and erases" do
bytes = Bytes.new(5) { 1_u8 }
buf = Sodium::SecureBuffer.new bytes, erase: true
buf.readonly do |slice|
slice.bytesize.should eq 5
slice.each do |b|
b.should eq 1_u8
end
end
bytes.to_slice.each do |b|
b.should eq 0_u8
end
end
it "dups without crashing" do it "dups without crashing" do
buf1 = Sodium::SecureBuffer.new 5 buf1 = Sodium::SecureBuffer.new 5
buf1.noaccess buf1.noaccess

View File

@ -36,9 +36,10 @@ module Sodium
CONTEXT_SIZE = LibSodium.crypto_kdf_contextbytes CONTEXT_SIZE = LibSodium.crypto_kdf_contextbytes
# Returns key # Returns key
delegate_to_slice to: @sbuf @[Deprecated("Use .key instead")]
delegate_to_slice to: @key
@sbuf : Crypto::Secret getter key : Crypto::Secret
# Use an existing KDF key. # Use an existing KDF key.
# #
@ -49,22 +50,22 @@ module Sodium
raise ArgumentError.new("bytes must be #{KEY_SIZE}, got #{bytes.bytesize}") raise ArgumentError.new("bytes must be #{KEY_SIZE}, got #{bytes.bytesize}")
end end
@sbuf = SecureBuffer.new(bytes, erase).noaccess @key = SecureBuffer.new(bytes, erase).noaccess
end end
# Use an existing KDF Crypto::Secret key. # Use an existing KDF Crypto::Secret key.
def initialize(@sbuf : Crypto::Secret) def initialize(@key : Crypto::Secret)
if @sbuf.bytesize != KEY_SIZE if @key.bytesize != KEY_SIZE
raise ArgumentError.new("bytes must be #{KEY_SIZE}, got #{sbuf.bytesize}") raise ArgumentError.new("bytes must be #{KEY_SIZE}, got #{@key.bytesize}")
end end
@sbuf.noaccess @key.noaccess
end end
# Generate a new random KDF key. # Generate a new random KDF key.
# #
# Make sure to save kdf.to_slice before kdf goes out of scope. # Make sure to save kdf.to_slice before kdf goes out of scope.
def initialize def initialize
@sbuf = SecureBuffer.random(KEY_SIZE).noaccess @key = SecureBuffer.random(KEY_SIZE).noaccess
end end
# Derive a consistent subkey based on `context` and `subkey_id`. # Derive a consistent subkey based on `context` and `subkey_id`.
@ -82,7 +83,7 @@ module Sodium
subkey = SecureBuffer.new subkey_size subkey = SecureBuffer.new subkey_size
subkey.readwrite do |sub_slice| subkey.readwrite do |sub_slice|
@sbuf.readonly do |sslice| @key.readonly do |sslice|
if (ret = LibSodium.crypto_kdf_derive_from_key(sub_slice, sub_slice.bytesize, subkey_id, context, sslice)) != 0 if (ret = LibSodium.crypto_kdf_derive_from_key(sub_slice, sub_slice.bytesize, subkey_id, context, sslice)) != 0
raise Sodium::Error.new("crypto_kdf_derive_from_key returned #{ret} (subkey size is probably out of range)") raise Sodium::Error.new("crypto_kdf_derive_from_key returned #{ret} (subkey size is probably out of range)")
end end

View File

@ -22,7 +22,9 @@ module Sodium
# Returns a **readonly** SecureBuffer. # Returns a **readonly** SecureBuffer.
def initialize(bytes : Bytes, erase = false) def initialize(bytes : Bytes, erase = false)
initialize bytes.bytesize initialize bytes.bytesize
bytes.copy_to self.to_slice readwrite do |slice|
slice.copy_from bytes
end
Sodium.memzero(bytes) if erase Sodium.memzero(bytes) if erase
readonly readonly
end end