Internal switch to Crypto::Secret

This commit is contained in:
Didactic Drunk 2021-06-21 17:54:23 -07:00
parent a1706055e1
commit 910666bcdf
5 changed files with 24 additions and 32 deletions

View File

@ -40,14 +40,16 @@ describe Sodium::CryptoBox::SecretKey do
key2 = key1.key.readonly do |ks|
Sodium::CryptoBox::SecretKey.new ks, key1.public_key.to_slice
end
key1.to_slice.should eq key2.to_slice
key1.key.should eq key2.key
key1.public_key.to_slice.should eq key2.public_key.to_slice
end
it "recomputes the public_key" do
key1 = Sodium::CryptoBox::SecretKey.new
key2 = Sodium::CryptoBox::SecretKey.new key1.to_slice
key1.to_slice.should eq key2.to_slice
key2 = key1.key.readonly do |ks|
Sodium::CryptoBox::SecretKey.new ks
end
key1.key.should eq key2.key
key1.public_key.to_slice.should eq key2.public_key.to_slice
end
@ -55,7 +57,7 @@ describe Sodium::CryptoBox::SecretKey do
seed = Bytes.new Sodium::CryptoBox::SecretKey::SEED_SIZE
key1 = Sodium::CryptoBox::SecretKey.new seed: seed
key2 = Sodium::CryptoBox::SecretKey.new seed: seed
key1.to_slice.should eq key2.to_slice
key1.key.should eq key2.key
key1.public_key.to_slice.should eq key2.public_key.to_slice
end

View File

@ -8,7 +8,11 @@ describe Sodium::Kdf do
kdf1 = Sodium::Kdf.new
# verify loading saved key
kdf2 = Sodium::Kdf.new kdf1.to_slice.dup
kdf2 = kdf1.key.readonly do |kslice|
Sodium::Kdf.new kslice.dup
end
kdf1.key.should eq kdf2.key
# verify generated subkey's are the same after loading
key1_s1 = kdf1.derive CONTEXT, 0, 16

View File

@ -21,23 +21,6 @@ describe Sodium::SecureBuffer do
buf.readwrite
end
it "copies and erases" do
bytes = Bytes.new(5) { 1_u8 }
buf = Sodium::SecureBuffer.new bytes, erase: true
buf.readonly do |slice|
slice.bytesize.should eq 5
slice.each do |b|
b.should eq 1_u8
end
end
bytes.to_slice.each do |b|
b.should eq 0_u8
end
end
it "dups without crashing" do
buf1 = Sodium::SecureBuffer.new 5
buf1.noaccess

View File

@ -36,9 +36,10 @@ module Sodium
CONTEXT_SIZE = LibSodium.crypto_kdf_contextbytes
# Returns key
delegate_to_slice to: @sbuf
@[Deprecated("Use .key instead")]
delegate_to_slice to: @key
@sbuf : Crypto::Secret
getter key : Crypto::Secret
# Use an existing KDF key.
#
@ -49,22 +50,22 @@ module Sodium
raise ArgumentError.new("bytes must be #{KEY_SIZE}, got #{bytes.bytesize}")
end
@sbuf = SecureBuffer.new(bytes, erase).noaccess
@key = SecureBuffer.new(bytes, erase).noaccess
end
# Use an existing KDF Crypto::Secret key.
def initialize(@sbuf : Crypto::Secret)
if @sbuf.bytesize != KEY_SIZE
raise ArgumentError.new("bytes must be #{KEY_SIZE}, got #{sbuf.bytesize}")
def initialize(@key : Crypto::Secret)
if @key.bytesize != KEY_SIZE
raise ArgumentError.new("bytes must be #{KEY_SIZE}, got #{@key.bytesize}")
end
@sbuf.noaccess
@key.noaccess
end
# Generate a new random KDF key.
#
# Make sure to save kdf.to_slice before kdf goes out of scope.
def initialize
@sbuf = SecureBuffer.random(KEY_SIZE).noaccess
@key = SecureBuffer.random(KEY_SIZE).noaccess
end
# Derive a consistent subkey based on `context` and `subkey_id`.
@ -82,7 +83,7 @@ module Sodium
subkey = SecureBuffer.new subkey_size
subkey.readwrite do |sub_slice|
@sbuf.readonly do |sslice|
@key.readonly do |sslice|
if (ret = LibSodium.crypto_kdf_derive_from_key(sub_slice, sub_slice.bytesize, subkey_id, context, sslice)) != 0
raise Sodium::Error.new("crypto_kdf_derive_from_key returned #{ret} (subkey size is probably out of range)")
end

View File

@ -22,7 +22,9 @@ module Sodium
# Returns a **readonly** SecureBuffer.
def initialize(bytes : Bytes, erase = false)
initialize bytes.bytesize
bytes.copy_to self.to_slice
readwrite do |slice|
slice.copy_from bytes
end
Sodium.memzero(bytes) if erase
readonly
end