Version 0.9.0

Rearrange CryptoBox. Move Sodium::Error to it's own file. Requiring individual files is now possible. Individual require now possible.
2019-07-01 06:24:26 -07:00 · 2019-07-01 06:24:26 -07:00 · 92ac0ef6d4
parent 7dcaeb1332
commit 92ac0ef6d4
22 changed files with 67 additions and 24 deletions
--- a/README.md
+++ b/README.md
@ -31,7 +31,7 @@ Crystal bindings for the [libsodium API](https://libsodium.gitbook.io/doc/)
   - [ ] ChaCha20-Poly1305
 - [Hashing](https://libsodium.gitbook.io/doc/hashing)
  - [x] ☑ [Blake2b](https://libsodium.gitbook.io/doc/hashing/generic_hashing)
-    - [x] Complete implementation including `key`, `salt`, `personal` and fully selectable output sizes.
+    - [x] Complete libsodium implementation including `key`, `salt`, `personal` and fully selectable output sizes.
  - [ ] [SipHash](https://libsodium.gitbook.io/doc/hashing/short-input_hashing)
 - [Password Hashing](https://libsodium.gitbook.io/doc/password_hashing)
  - [x] [Argon2](https://libsodium.gitbook.io/doc/password_hashing/the_argon2i_function) (Use for new applications)
@ -48,7 +48,10 @@ Crystal bindings for the [libsodium API](https://libsodium.gitbook.io/doc/)
    - [x] ChaCha20
  - [ ] [One time auth](https://libsodium.gitbook.io/doc/advanced/poly1305)
  - [ ] Padding
-  - (Partial) Semi-automatic memory wiping.
+- Library features
+  - Faster builds by requiring what you need (`require "sodium/secret_box"`)
+  - Controlled memory wiping (by calling `.close`)
+  - Semi-automatic memory wiping (on GC).

 ☑ Indicate specs are compared against test vectors from another source.

--- a/examples/constants.cr
+++ b/examples/constants.cr
@ -1,5 +1,7 @@
 require "../src/sodium"

+# Print most constant values.
+
 {% for name in %w(KEY_SIZE KEY_SIZE_MIN KEY_SIZE_MAX SALT_SIZE PERSONAL_SIZE OUT_SIZE OUT_SIZE_MIN OUT_SIZE_MAX) %}
  puts "Sodium::Digest::Blake2b::{{ name.id }} #{Sodium::Digest::Blake2b::{{ name.id }}}"
 {% end %}
--- a/shard.yml
+++ b/shard.yml
@ -1,8 +1,9 @@
 name: sodium
-version: 0.1.0
+version: 0.9.0

 authors:
  - Andrew Hamon <andrew@hamon.cc>
+  - Didactic Drunk <1479616+didactic-drunk@users.noreply.github.com>

 development_dependencies:
  ghshard:
--- a/spec/sodium/crypto_box/secret_key_spec.cr
+++ b/spec/sodium/crypto_box/secret_key_spec.cr
@ -1,4 +1,5 @@
 require "../../spec_helper"
+require "../../../src/sodium/crypto_box/secret_key"

 private def new_key_bytes
  Sodium::CryptoBox::SecretKey.new.bytes
--- a/spec/sodium/digest/blake2b_spec.cr
+++ b/spec/sodium/digest/blake2b_spec.cr
@ -1,4 +1,5 @@
 require "../../spec_helper"
+require "../../../src/sodium/digest/blake2b"
 require "json"

 # From https://github.com/BLAKE2/BLAKE2/tree/master/testvectors
--- a/spec/sodium/kdf_spec.cr
+++ b/spec/sodium/kdf_spec.cr
@ -1,4 +1,5 @@
 require "../spec_helper"
+require "../../src/sodium/kdf"

 CONTEXT = "8_bytess"

--- a/spec/sodium/pwhash_spec.cr
+++ b/spec/sodium/pwhash_spec.cr
@ -1,4 +1,5 @@
 require "../spec_helper"
+require "../../src/sodium/pwhash"

 private def pw_min
  pwhash = Sodium::Pwhash.new
--- a/spec/sodium/secret_box_spec.cr
+++ b/spec/sodium/secret_box_spec.cr
@ -1,4 +1,5 @@
 require "../spec_helper"
+require "../../src/sodium/secret_box"

 describe Sodium::SecretBox do
  it "encrypts/decrypts" do
--- a/spec/sodium_spec.cr
+++ b/spec/sodium_spec.cr
@ -1,4 +1,5 @@
 require "./spec_helper"
+require "../src/sodium"

 describe Sodium do
  # Finished in 71 microseconds
--- a/spec/spec_helper.cr
+++ b/spec/spec_helper.cr
@ -1,5 +1,6 @@
 require "spec"
-require "../src/sodium"
+
+# require "../src/sodium"

 def check_wiped(buf : Bytes)
  GC.collect
--- a/src/sodium.cr
+++ b/src/sodium.cr
@ -1,17 +1,4 @@
-require "random/secure"
-
 module Sodium
-  class Error < ::Exception
-    class VerificationFailed < Error
-    end
-
-    class DecryptionFailed < Error
-    end
-  end
-
-  def self.memzero(bytes : Bytes)
-    LibSodium.sodium_memzero bytes, bytes.bytesize
-  end
 end

 require "./sodium/**"
--- a/src/sodium/cipher/chalsa.cr
+++ b/src/sodium/cipher/chalsa.cr
@ -1,10 +1,16 @@
 require "../lib_sodium"
+require "../wipe"

 module Sodium::Cipher
  # The great beat you can eat!
  #
  # What? They're both dance?
+  #
+  # WARNING: This class takes ownership of any key material passed to it.
+  #
+  # WARNING: Not validated against test vectors.  You should probably write some before using.
  abstract class Chalsa
+    @[Wipe::Var]
    @key : Bytes?
    @nonce : Bytes?

--- a/src/sodium/crypto_box/box.cr
+++ b/src/sodium/crypto_box/box.cr
@ -1,7 +1,9 @@
-require "../lib_sodium"
+require "./lib_sodium"
+require "./wipe"
+require "./crypto_box/secret_key"

-module Sodium::CryptoBox
-  class Box
+module Sodium
+  class CryptoBox
    include Wipe

    MAC_SIZE = LibSodium.crypto_box_macbytes
@ -25,6 +27,10 @@ module Sodium::CryptoBox
      {nonce, dst}
    end

+    def decrypt_easy(src)
+      decrypt_easy src.to_slice
+    end
+
    def decrypt_easy(src : Bytes, dst = Bytes.new(src.bytesize - MAC_SIZE), nonce = Nonce.new) : Bytes
      if LibSodium.crypto_box_open_easy(dst, src, src.bytesize, nonce.to_slice, @public_key.to_slice, @secret_key.to_slice) != 0
        raise Error::DecryptionFailed.new("crypto_box_open_easy")
--- a/src/sodium/crypto_box/public_key.cr
+++ b/src/sodium/crypto_box/public_key.cr
@ -1,6 +1,7 @@
 require "../lib_sodium"
+require "../key"

-module Sodium::CryptoBox
+class Sodium::CryptoBox
  class PublicKey < Key
    KEY_SIZE  = LibSodium.crypto_box_publickeybytes
    SEAL_SIZE = LibSodium.crypto_box_sealbytes
--- a/src/sodium/crypto_box/secret_key.cr
+++ b/src/sodium/crypto_box/secret_key.cr
@ -1,6 +1,9 @@
 require "../lib_sodium"
+require "../key"
+require "./public_key"
+require "../crypto_box"

-module Sodium::CryptoBox
+class Sodium::CryptoBox
  # Key used for encryption + authentication or encryption without authentication, not for unencrypted signing.
  #
  # WARNING: This class takes ownership of any key material passed to it.
@ -53,8 +56,8 @@ module Sodium::CryptoBox
    end

    # Return a Box containing a precomputed shared secret for use with authenticated encryption/decryption.
-    def box(public_key) : Box
-      Box.new self, public_key
+    def box(public_key) : CryptoBox
+      CryptoBox.new self, public_key
    end

    # Create a new box and automatically close when the block exits.
--- a/src/sodium/digest/blake2b.cr
+++ b/src/sodium/digest/blake2b.cr
@ -1,3 +1,5 @@
+require "../lib_sodium"
+require "../wipe"
 require "openssl/digest/digest_base"

 module Sodium::Digest
--- a/src/sodium/error.cr
+++ b/src/sodium/error.cr
@ -0,0 +1,11 @@
+require "random/secure"
+
+module Sodium
+  class Error < ::Exception
+    class VerificationFailed < Error
+    end
+
+    class DecryptionFailed < Error
+    end
+  end
+end
--- a/src/sodium/lib_sodium.cr
+++ b/src/sodium/lib_sodium.cr
@ -1,3 +1,6 @@
+require "random/secure"
+require "./error"
+
 module Sodium
  @[Link(ldflags: "`#{__DIR__}/../../build/pkg-libs.sh #{__DIR__}/../..`")]
  lib LibSodium
--- a/src/sodium/pwhash.cr
+++ b/src/sodium/pwhash.cr
@ -1,3 +1,5 @@
+require "./lib_sodium"
+
 module Sodium
  # [Argon2 Password Hashing](https://libsodium.gitbook.io/doc/password_hashing/the_argon2i_function)
  # * #store #verify #needs_rehash? are used together for password verification.
--- a/src/sodium/secret_box.cr
+++ b/src/sodium/secret_box.cr
@ -1,4 +1,5 @@
 require "./lib_sodium"
+require "./key"

 module Sodium
  # [https://libsodium.gitbook.io/doc/secret-key_cryptography](https://libsodium.gitbook.io/doc/secret-key_cryptography)
--- a/src/sodium/sign/secret_key.cr
+++ b/src/sodium/sign/secret_key.cr
@ -1,4 +1,6 @@
 require "../lib_sodium"
+require "../key"
+require "./public_key"

 module Sodium
  # Key used for signing/verification only.
--- a/src/sodium/wipe.cr
+++ b/src/sodium/wipe.cr
@ -1,3 +1,9 @@
+module Sodium
+  def self.memzero(bytes : Bytes)
+    LibSodium.sodium_memzero bytes, bytes.bytesize
+  end
+end
+
 module Sodium::Wipe
  annotation Var
  end