From 92ac0ef6d4f784e6aaf19544a06ba6b7b82db5f3 Mon Sep 17 00:00:00 2001
From: Didactic Drunk <1479616+didactic-drunk@users.noreply.github.com>
Date: Mon, 1 Jul 2019 06:24:26 -0700
Subject: [PATCH] Version 0.9.0

Rearrange CryptoBox.
Move Sodium::Error to it's own file.
Requiring individual files is now possible.
Individual require now possible.
---
 README.md                                       |  7 +++++--
 examples/constants.cr                           |  2 ++
 shard.yml                                       |  3 ++-
 spec/sodium/crypto_box/secret_key_spec.cr       |  1 +
 spec/sodium/digest/blake2b_spec.cr              |  1 +
 spec/sodium/kdf_spec.cr                         |  1 +
 spec/sodium/pwhash_spec.cr                      |  1 +
 spec/sodium/secret_box_spec.cr                  |  1 +
 spec/{cox_spec.cr => sodium_spec.cr}            |  1 +
 spec/spec_helper.cr                             |  3 ++-
 src/sodium.cr                                   | 13 -------------
 src/sodium/cipher/chalsa.cr                     |  6 ++++++
 src/sodium/{crypto_box/box.cr => crypto_box.cr} | 12 +++++++++---
 src/sodium/crypto_box/public_key.cr             |  3 ++-
 src/sodium/crypto_box/secret_key.cr             |  9 ++++++---
 src/sodium/digest/blake2b.cr                    |  2 ++
 src/sodium/error.cr                             | 11 +++++++++++
 src/sodium/lib_sodium.cr                        |  3 +++
 src/sodium/pwhash.cr                            |  2 ++
 src/sodium/secret_box.cr                        |  1 +
 src/sodium/sign/secret_key.cr                   |  2 ++
 src/sodium/wipe.cr                              |  6 ++++++
 22 files changed, 67 insertions(+), 24 deletions(-)
 rename spec/{cox_spec.cr => sodium_spec.cr} (85%)
 rename src/sodium/{crypto_box/box.cr => crypto_box.cr} (85%)
 create mode 100644 src/sodium/error.cr

diff --git a/README.md b/README.md
index 994f206..e8cea8f 100644
--- a/README.md
+++ b/README.md
@@ -31,7 +31,7 @@ Crystal bindings for the [libsodium API](https://libsodium.gitbook.io/doc/)
    - [ ] ChaCha20-Poly1305
 - [Hashing](https://libsodium.gitbook.io/doc/hashing)
   - [x] ☑ [Blake2b](https://libsodium.gitbook.io/doc/hashing/generic_hashing)
-    - [x] Complete implementation including `key`, `salt`, `personal` and fully selectable output sizes.
+    - [x] Complete libsodium implementation including `key`, `salt`, `personal` and fully selectable output sizes.
   - [ ] [SipHash](https://libsodium.gitbook.io/doc/hashing/short-input_hashing)
 - [Password Hashing](https://libsodium.gitbook.io/doc/password_hashing)
   - [x] [Argon2](https://libsodium.gitbook.io/doc/password_hashing/the_argon2i_function) (Use for new applications)
@@ -48,7 +48,10 @@ Crystal bindings for the [libsodium API](https://libsodium.gitbook.io/doc/)
     - [x] ChaCha20
   - [ ] [One time auth](https://libsodium.gitbook.io/doc/advanced/poly1305)
   - [ ] Padding
-  - (Partial) Semi-automatic memory wiping.
+- Library features
+  - Faster builds by requiring what you need (`require "sodium/secret_box"`)
+  - Controlled memory wiping (by calling `.close`)
+  - Semi-automatic memory wiping (on GC).
 
 ☑ Indicate specs are compared against test vectors from another source.
 
diff --git a/examples/constants.cr b/examples/constants.cr
index 6fdffdf..f27f6c7 100644
--- a/examples/constants.cr
+++ b/examples/constants.cr
@@ -1,5 +1,7 @@
 require "../src/sodium"
 
+# Print most constant values.
+
 {% for name in %w(KEY_SIZE KEY_SIZE_MIN KEY_SIZE_MAX SALT_SIZE PERSONAL_SIZE OUT_SIZE OUT_SIZE_MIN OUT_SIZE_MAX) %}
   puts "Sodium::Digest::Blake2b::{{ name.id }} #{Sodium::Digest::Blake2b::{{ name.id }}}"
 {% end %}
diff --git a/shard.yml b/shard.yml
index ace6f99..279f5a4 100644
--- a/shard.yml
+++ b/shard.yml
@@ -1,8 +1,9 @@
 name: sodium
-version: 0.1.0
+version: 0.9.0
 
 authors:
   - Andrew Hamon <andrew@hamon.cc>
+  - Didactic Drunk <1479616+didactic-drunk@users.noreply.github.com>
 
 development_dependencies:
   ghshard:
diff --git a/spec/sodium/crypto_box/secret_key_spec.cr b/spec/sodium/crypto_box/secret_key_spec.cr
index b2fe2f8..cdb7348 100644
--- a/spec/sodium/crypto_box/secret_key_spec.cr
+++ b/spec/sodium/crypto_box/secret_key_spec.cr
@@ -1,4 +1,5 @@
 require "../../spec_helper"
+require "../../../src/sodium/crypto_box/secret_key"
 
 private def new_key_bytes
   Sodium::CryptoBox::SecretKey.new.bytes
diff --git a/spec/sodium/digest/blake2b_spec.cr b/spec/sodium/digest/blake2b_spec.cr
index 11d0643..e0ef3a8 100644
--- a/spec/sodium/digest/blake2b_spec.cr
+++ b/spec/sodium/digest/blake2b_spec.cr
@@ -1,4 +1,5 @@
 require "../../spec_helper"
+require "../../../src/sodium/digest/blake2b"
 require "json"
 
 # From https://github.com/BLAKE2/BLAKE2/tree/master/testvectors
diff --git a/spec/sodium/kdf_spec.cr b/spec/sodium/kdf_spec.cr
index 5bba1d9..f8d86b2 100644
--- a/spec/sodium/kdf_spec.cr
+++ b/spec/sodium/kdf_spec.cr
@@ -1,4 +1,5 @@
 require "../spec_helper"
+require "../../src/sodium/kdf"
 
 CONTEXT = "8_bytess"
 
diff --git a/spec/sodium/pwhash_spec.cr b/spec/sodium/pwhash_spec.cr
index 3a049d2..8c7079f 100644
--- a/spec/sodium/pwhash_spec.cr
+++ b/spec/sodium/pwhash_spec.cr
@@ -1,4 +1,5 @@
 require "../spec_helper"
+require "../../src/sodium/pwhash"
 
 private def pw_min
   pwhash = Sodium::Pwhash.new
diff --git a/spec/sodium/secret_box_spec.cr b/spec/sodium/secret_box_spec.cr
index c751b50..e879fb0 100644
--- a/spec/sodium/secret_box_spec.cr
+++ b/spec/sodium/secret_box_spec.cr
@@ -1,4 +1,5 @@
 require "../spec_helper"
+require "../../src/sodium/secret_box"
 
 describe Sodium::SecretBox do
   it "encrypts/decrypts" do
diff --git a/spec/cox_spec.cr b/spec/sodium_spec.cr
similarity index 85%
rename from spec/cox_spec.cr
rename to spec/sodium_spec.cr
index ef80fe0..4a3ff60 100644
--- a/spec/cox_spec.cr
+++ b/spec/sodium_spec.cr
@@ -1,4 +1,5 @@
 require "./spec_helper"
+require "../src/sodium"
 
 describe Sodium do
   # Finished in 71 microseconds
diff --git a/spec/spec_helper.cr b/spec/spec_helper.cr
index 8c966ee..3acb2a0 100644
--- a/spec/spec_helper.cr
+++ b/spec/spec_helper.cr
@@ -1,5 +1,6 @@
 require "spec"
-require "../src/sodium"
+
+# require "../src/sodium"
 
 def check_wiped(buf : Bytes)
   GC.collect
diff --git a/src/sodium.cr b/src/sodium.cr
index 3d3646c..9916533 100644
--- a/src/sodium.cr
+++ b/src/sodium.cr
@@ -1,17 +1,4 @@
-require "random/secure"
-
 module Sodium
-  class Error < ::Exception
-    class VerificationFailed < Error
-    end
-
-    class DecryptionFailed < Error
-    end
-  end
-
-  def self.memzero(bytes : Bytes)
-    LibSodium.sodium_memzero bytes, bytes.bytesize
-  end
 end
 
 require "./sodium/**"
diff --git a/src/sodium/cipher/chalsa.cr b/src/sodium/cipher/chalsa.cr
index 234c441..74954be 100644
--- a/src/sodium/cipher/chalsa.cr
+++ b/src/sodium/cipher/chalsa.cr
@@ -1,10 +1,16 @@
 require "../lib_sodium"
+require "../wipe"
 
 module Sodium::Cipher
   # The great beat you can eat!
   #
   # What? They're both dance?
+  #
+  # WARNING: This class takes ownership of any key material passed to it.
+  #
+  # WARNING: Not validated against test vectors.  You should probably write some before using.
   abstract class Chalsa
+    @[Wipe::Var]
     @key : Bytes?
     @nonce : Bytes?
 
diff --git a/src/sodium/crypto_box/box.cr b/src/sodium/crypto_box.cr
similarity index 85%
rename from src/sodium/crypto_box/box.cr
rename to src/sodium/crypto_box.cr
index a991e17..167a789 100644
--- a/src/sodium/crypto_box/box.cr
+++ b/src/sodium/crypto_box.cr
@@ -1,7 +1,9 @@
-require "../lib_sodium"
+require "./lib_sodium"
+require "./wipe"
+require "./crypto_box/secret_key"
 
-module Sodium::CryptoBox
-  class Box
+module Sodium
+  class CryptoBox
     include Wipe
 
     MAC_SIZE = LibSodium.crypto_box_macbytes
@@ -25,6 +27,10 @@ module Sodium::CryptoBox
       {nonce, dst}
     end
 
+    def decrypt_easy(src)
+      decrypt_easy src.to_slice
+    end
+
     def decrypt_easy(src : Bytes, dst = Bytes.new(src.bytesize - MAC_SIZE), nonce = Nonce.new) : Bytes
       if LibSodium.crypto_box_open_easy(dst, src, src.bytesize, nonce.to_slice, @public_key.to_slice, @secret_key.to_slice) != 0
         raise Error::DecryptionFailed.new("crypto_box_open_easy")
diff --git a/src/sodium/crypto_box/public_key.cr b/src/sodium/crypto_box/public_key.cr
index d5fab78..4639f3c 100644
--- a/src/sodium/crypto_box/public_key.cr
+++ b/src/sodium/crypto_box/public_key.cr
@@ -1,6 +1,7 @@
 require "../lib_sodium"
+require "../key"
 
-module Sodium::CryptoBox
+class Sodium::CryptoBox
   class PublicKey < Key
     KEY_SIZE  = LibSodium.crypto_box_publickeybytes
     SEAL_SIZE = LibSodium.crypto_box_sealbytes
diff --git a/src/sodium/crypto_box/secret_key.cr b/src/sodium/crypto_box/secret_key.cr
index b05a78f..7813c7b 100644
--- a/src/sodium/crypto_box/secret_key.cr
+++ b/src/sodium/crypto_box/secret_key.cr
@@ -1,6 +1,9 @@
 require "../lib_sodium"
+require "../key"
+require "./public_key"
+require "../crypto_box"
 
-module Sodium::CryptoBox
+class Sodium::CryptoBox
   # Key used for encryption + authentication or encryption without authentication, not for unencrypted signing.
   #
   # WARNING: This class takes ownership of any key material passed to it.
@@ -53,8 +56,8 @@ module Sodium::CryptoBox
     end
 
     # Return a Box containing a precomputed shared secret for use with authenticated encryption/decryption.
-    def box(public_key) : Box
-      Box.new self, public_key
+    def box(public_key) : CryptoBox
+      CryptoBox.new self, public_key
     end
 
     # Create a new box and automatically close when the block exits.
diff --git a/src/sodium/digest/blake2b.cr b/src/sodium/digest/blake2b.cr
index 98212d8..3968ba9 100644
--- a/src/sodium/digest/blake2b.cr
+++ b/src/sodium/digest/blake2b.cr
@@ -1,3 +1,5 @@
+require "../lib_sodium"
+require "../wipe"
 require "openssl/digest/digest_base"
 
 module Sodium::Digest
diff --git a/src/sodium/error.cr b/src/sodium/error.cr
new file mode 100644
index 0000000..68c5cff
--- /dev/null
+++ b/src/sodium/error.cr
@@ -0,0 +1,11 @@
+require "random/secure"
+
+module Sodium
+  class Error < ::Exception
+    class VerificationFailed < Error
+    end
+
+    class DecryptionFailed < Error
+    end
+  end
+end
diff --git a/src/sodium/lib_sodium.cr b/src/sodium/lib_sodium.cr
index 9d24234..44bd0e9 100644
--- a/src/sodium/lib_sodium.cr
+++ b/src/sodium/lib_sodium.cr
@@ -1,3 +1,6 @@
+require "random/secure"
+require "./error"
+
 module Sodium
   @[Link(ldflags: "`#{__DIR__}/../../build/pkg-libs.sh #{__DIR__}/../..`")]
   lib LibSodium
diff --git a/src/sodium/pwhash.cr b/src/sodium/pwhash.cr
index 48702f6..7b61df0 100644
--- a/src/sodium/pwhash.cr
+++ b/src/sodium/pwhash.cr
@@ -1,3 +1,5 @@
+require "./lib_sodium"
+
 module Sodium
   # [Argon2 Password Hashing](https://libsodium.gitbook.io/doc/password_hashing/the_argon2i_function)
   # * #store #verify #needs_rehash? are used together for password verification.
diff --git a/src/sodium/secret_box.cr b/src/sodium/secret_box.cr
index 885d7bd..2f59b4b 100644
--- a/src/sodium/secret_box.cr
+++ b/src/sodium/secret_box.cr
@@ -1,4 +1,5 @@
 require "./lib_sodium"
+require "./key"
 
 module Sodium
   # [https://libsodium.gitbook.io/doc/secret-key_cryptography](https://libsodium.gitbook.io/doc/secret-key_cryptography)
diff --git a/src/sodium/sign/secret_key.cr b/src/sodium/sign/secret_key.cr
index db7700c..a2e68cb 100644
--- a/src/sodium/sign/secret_key.cr
+++ b/src/sodium/sign/secret_key.cr
@@ -1,4 +1,6 @@
 require "../lib_sodium"
+require "../key"
+require "./public_key"
 
 module Sodium
   # Key used for signing/verification only.
diff --git a/src/sodium/wipe.cr b/src/sodium/wipe.cr
index 798a90b..2985cc0 100644
--- a/src/sodium/wipe.cr
+++ b/src/sodium/wipe.cr
@@ -1,3 +1,9 @@
+module Sodium
+  def self.memzero(bytes : Bytes)
+    LibSodium.sodium_memzero bytes, bytes.bytesize
+  end
+end
+
 module Sodium::Wipe
   annotation Var
   end