From 92ac0ef6d4f784e6aaf19544a06ba6b7b82db5f3 Mon Sep 17 00:00:00 2001 From: Didactic Drunk <1479616+didactic-drunk@users.noreply.github.com> Date: Mon, 1 Jul 2019 06:24:26 -0700 Subject: [PATCH] Version 0.9.0 Rearrange CryptoBox. Move Sodium::Error to it's own file. Requiring individual files is now possible. Individual require now possible. --- README.md | 7 +++++-- examples/constants.cr | 2 ++ shard.yml | 3 ++- spec/sodium/crypto_box/secret_key_spec.cr | 1 + spec/sodium/digest/blake2b_spec.cr | 1 + spec/sodium/kdf_spec.cr | 1 + spec/sodium/pwhash_spec.cr | 1 + spec/sodium/secret_box_spec.cr | 1 + spec/{cox_spec.cr => sodium_spec.cr} | 1 + spec/spec_helper.cr | 3 ++- src/sodium.cr | 13 ------------- src/sodium/cipher/chalsa.cr | 6 ++++++ src/sodium/{crypto_box/box.cr => crypto_box.cr} | 12 +++++++++--- src/sodium/crypto_box/public_key.cr | 3 ++- src/sodium/crypto_box/secret_key.cr | 9 ++++++--- src/sodium/digest/blake2b.cr | 2 ++ src/sodium/error.cr | 11 +++++++++++ src/sodium/lib_sodium.cr | 3 +++ src/sodium/pwhash.cr | 2 ++ src/sodium/secret_box.cr | 1 + src/sodium/sign/secret_key.cr | 2 ++ src/sodium/wipe.cr | 6 ++++++ 22 files changed, 67 insertions(+), 24 deletions(-) rename spec/{cox_spec.cr => sodium_spec.cr} (85%) rename src/sodium/{crypto_box/box.cr => crypto_box.cr} (85%) create mode 100644 src/sodium/error.cr diff --git a/README.md b/README.md index 994f206..e8cea8f 100644 --- a/README.md +++ b/README.md @@ -31,7 +31,7 @@ Crystal bindings for the [libsodium API](https://libsodium.gitbook.io/doc/) - [ ] ChaCha20-Poly1305 - [Hashing](https://libsodium.gitbook.io/doc/hashing) - [x] ☑ [Blake2b](https://libsodium.gitbook.io/doc/hashing/generic_hashing) - - [x] Complete implementation including `key`, `salt`, `personal` and fully selectable output sizes. + - [x] Complete libsodium implementation including `key`, `salt`, `personal` and fully selectable output sizes. - [ ] [SipHash](https://libsodium.gitbook.io/doc/hashing/short-input_hashing) - [Password Hashing](https://libsodium.gitbook.io/doc/password_hashing) - [x] [Argon2](https://libsodium.gitbook.io/doc/password_hashing/the_argon2i_function) (Use for new applications) @@ -48,7 +48,10 @@ Crystal bindings for the [libsodium API](https://libsodium.gitbook.io/doc/) - [x] ChaCha20 - [ ] [One time auth](https://libsodium.gitbook.io/doc/advanced/poly1305) - [ ] Padding - - (Partial) Semi-automatic memory wiping. +- Library features + - Faster builds by requiring what you need (`require "sodium/secret_box"`) + - Controlled memory wiping (by calling `.close`) + - Semi-automatic memory wiping (on GC). ☑ Indicate specs are compared against test vectors from another source. diff --git a/examples/constants.cr b/examples/constants.cr index 6fdffdf..f27f6c7 100644 --- a/examples/constants.cr +++ b/examples/constants.cr @@ -1,5 +1,7 @@ require "../src/sodium" +# Print most constant values. + {% for name in %w(KEY_SIZE KEY_SIZE_MIN KEY_SIZE_MAX SALT_SIZE PERSONAL_SIZE OUT_SIZE OUT_SIZE_MIN OUT_SIZE_MAX) %} puts "Sodium::Digest::Blake2b::{{ name.id }} #{Sodium::Digest::Blake2b::{{ name.id }}}" {% end %} diff --git a/shard.yml b/shard.yml index ace6f99..279f5a4 100644 --- a/shard.yml +++ b/shard.yml @@ -1,8 +1,9 @@ name: sodium -version: 0.1.0 +version: 0.9.0 authors: - Andrew Hamon + - Didactic Drunk <1479616+didactic-drunk@users.noreply.github.com> development_dependencies: ghshard: diff --git a/spec/sodium/crypto_box/secret_key_spec.cr b/spec/sodium/crypto_box/secret_key_spec.cr index b2fe2f8..cdb7348 100644 --- a/spec/sodium/crypto_box/secret_key_spec.cr +++ b/spec/sodium/crypto_box/secret_key_spec.cr @@ -1,4 +1,5 @@ require "../../spec_helper" +require "../../../src/sodium/crypto_box/secret_key" private def new_key_bytes Sodium::CryptoBox::SecretKey.new.bytes diff --git a/spec/sodium/digest/blake2b_spec.cr b/spec/sodium/digest/blake2b_spec.cr index 11d0643..e0ef3a8 100644 --- a/spec/sodium/digest/blake2b_spec.cr +++ b/spec/sodium/digest/blake2b_spec.cr @@ -1,4 +1,5 @@ require "../../spec_helper" +require "../../../src/sodium/digest/blake2b" require "json" # From https://github.com/BLAKE2/BLAKE2/tree/master/testvectors diff --git a/spec/sodium/kdf_spec.cr b/spec/sodium/kdf_spec.cr index 5bba1d9..f8d86b2 100644 --- a/spec/sodium/kdf_spec.cr +++ b/spec/sodium/kdf_spec.cr @@ -1,4 +1,5 @@ require "../spec_helper" +require "../../src/sodium/kdf" CONTEXT = "8_bytess" diff --git a/spec/sodium/pwhash_spec.cr b/spec/sodium/pwhash_spec.cr index 3a049d2..8c7079f 100644 --- a/spec/sodium/pwhash_spec.cr +++ b/spec/sodium/pwhash_spec.cr @@ -1,4 +1,5 @@ require "../spec_helper" +require "../../src/sodium/pwhash" private def pw_min pwhash = Sodium::Pwhash.new diff --git a/spec/sodium/secret_box_spec.cr b/spec/sodium/secret_box_spec.cr index c751b50..e879fb0 100644 --- a/spec/sodium/secret_box_spec.cr +++ b/spec/sodium/secret_box_spec.cr @@ -1,4 +1,5 @@ require "../spec_helper" +require "../../src/sodium/secret_box" describe Sodium::SecretBox do it "encrypts/decrypts" do diff --git a/spec/cox_spec.cr b/spec/sodium_spec.cr similarity index 85% rename from spec/cox_spec.cr rename to spec/sodium_spec.cr index ef80fe0..4a3ff60 100644 --- a/spec/cox_spec.cr +++ b/spec/sodium_spec.cr @@ -1,4 +1,5 @@ require "./spec_helper" +require "../src/sodium" describe Sodium do # Finished in 71 microseconds diff --git a/spec/spec_helper.cr b/spec/spec_helper.cr index 8c966ee..3acb2a0 100644 --- a/spec/spec_helper.cr +++ b/spec/spec_helper.cr @@ -1,5 +1,6 @@ require "spec" -require "../src/sodium" + +# require "../src/sodium" def check_wiped(buf : Bytes) GC.collect diff --git a/src/sodium.cr b/src/sodium.cr index 3d3646c..9916533 100644 --- a/src/sodium.cr +++ b/src/sodium.cr @@ -1,17 +1,4 @@ -require "random/secure" - module Sodium - class Error < ::Exception - class VerificationFailed < Error - end - - class DecryptionFailed < Error - end - end - - def self.memzero(bytes : Bytes) - LibSodium.sodium_memzero bytes, bytes.bytesize - end end require "./sodium/**" diff --git a/src/sodium/cipher/chalsa.cr b/src/sodium/cipher/chalsa.cr index 234c441..74954be 100644 --- a/src/sodium/cipher/chalsa.cr +++ b/src/sodium/cipher/chalsa.cr @@ -1,10 +1,16 @@ require "../lib_sodium" +require "../wipe" module Sodium::Cipher # The great beat you can eat! # # What? They're both dance? + # + # WARNING: This class takes ownership of any key material passed to it. + # + # WARNING: Not validated against test vectors. You should probably write some before using. abstract class Chalsa + @[Wipe::Var] @key : Bytes? @nonce : Bytes? diff --git a/src/sodium/crypto_box/box.cr b/src/sodium/crypto_box.cr similarity index 85% rename from src/sodium/crypto_box/box.cr rename to src/sodium/crypto_box.cr index a991e17..167a789 100644 --- a/src/sodium/crypto_box/box.cr +++ b/src/sodium/crypto_box.cr @@ -1,7 +1,9 @@ -require "../lib_sodium" +require "./lib_sodium" +require "./wipe" +require "./crypto_box/secret_key" -module Sodium::CryptoBox - class Box +module Sodium + class CryptoBox include Wipe MAC_SIZE = LibSodium.crypto_box_macbytes @@ -25,6 +27,10 @@ module Sodium::CryptoBox {nonce, dst} end + def decrypt_easy(src) + decrypt_easy src.to_slice + end + def decrypt_easy(src : Bytes, dst = Bytes.new(src.bytesize - MAC_SIZE), nonce = Nonce.new) : Bytes if LibSodium.crypto_box_open_easy(dst, src, src.bytesize, nonce.to_slice, @public_key.to_slice, @secret_key.to_slice) != 0 raise Error::DecryptionFailed.new("crypto_box_open_easy") diff --git a/src/sodium/crypto_box/public_key.cr b/src/sodium/crypto_box/public_key.cr index d5fab78..4639f3c 100644 --- a/src/sodium/crypto_box/public_key.cr +++ b/src/sodium/crypto_box/public_key.cr @@ -1,6 +1,7 @@ require "../lib_sodium" +require "../key" -module Sodium::CryptoBox +class Sodium::CryptoBox class PublicKey < Key KEY_SIZE = LibSodium.crypto_box_publickeybytes SEAL_SIZE = LibSodium.crypto_box_sealbytes diff --git a/src/sodium/crypto_box/secret_key.cr b/src/sodium/crypto_box/secret_key.cr index b05a78f..7813c7b 100644 --- a/src/sodium/crypto_box/secret_key.cr +++ b/src/sodium/crypto_box/secret_key.cr @@ -1,6 +1,9 @@ require "../lib_sodium" +require "../key" +require "./public_key" +require "../crypto_box" -module Sodium::CryptoBox +class Sodium::CryptoBox # Key used for encryption + authentication or encryption without authentication, not for unencrypted signing. # # WARNING: This class takes ownership of any key material passed to it. @@ -53,8 +56,8 @@ module Sodium::CryptoBox end # Return a Box containing a precomputed shared secret for use with authenticated encryption/decryption. - def box(public_key) : Box - Box.new self, public_key + def box(public_key) : CryptoBox + CryptoBox.new self, public_key end # Create a new box and automatically close when the block exits. diff --git a/src/sodium/digest/blake2b.cr b/src/sodium/digest/blake2b.cr index 98212d8..3968ba9 100644 --- a/src/sodium/digest/blake2b.cr +++ b/src/sodium/digest/blake2b.cr @@ -1,3 +1,5 @@ +require "../lib_sodium" +require "../wipe" require "openssl/digest/digest_base" module Sodium::Digest diff --git a/src/sodium/error.cr b/src/sodium/error.cr new file mode 100644 index 0000000..68c5cff --- /dev/null +++ b/src/sodium/error.cr @@ -0,0 +1,11 @@ +require "random/secure" + +module Sodium + class Error < ::Exception + class VerificationFailed < Error + end + + class DecryptionFailed < Error + end + end +end diff --git a/src/sodium/lib_sodium.cr b/src/sodium/lib_sodium.cr index 9d24234..44bd0e9 100644 --- a/src/sodium/lib_sodium.cr +++ b/src/sodium/lib_sodium.cr @@ -1,3 +1,6 @@ +require "random/secure" +require "./error" + module Sodium @[Link(ldflags: "`#{__DIR__}/../../build/pkg-libs.sh #{__DIR__}/../..`")] lib LibSodium diff --git a/src/sodium/pwhash.cr b/src/sodium/pwhash.cr index 48702f6..7b61df0 100644 --- a/src/sodium/pwhash.cr +++ b/src/sodium/pwhash.cr @@ -1,3 +1,5 @@ +require "./lib_sodium" + module Sodium # [Argon2 Password Hashing](https://libsodium.gitbook.io/doc/password_hashing/the_argon2i_function) # * #store #verify #needs_rehash? are used together for password verification. diff --git a/src/sodium/secret_box.cr b/src/sodium/secret_box.cr index 885d7bd..2f59b4b 100644 --- a/src/sodium/secret_box.cr +++ b/src/sodium/secret_box.cr @@ -1,4 +1,5 @@ require "./lib_sodium" +require "./key" module Sodium # [https://libsodium.gitbook.io/doc/secret-key_cryptography](https://libsodium.gitbook.io/doc/secret-key_cryptography) diff --git a/src/sodium/sign/secret_key.cr b/src/sodium/sign/secret_key.cr index db7700c..a2e68cb 100644 --- a/src/sodium/sign/secret_key.cr +++ b/src/sodium/sign/secret_key.cr @@ -1,4 +1,6 @@ require "../lib_sodium" +require "../key" +require "./public_key" module Sodium # Key used for signing/verification only. diff --git a/src/sodium/wipe.cr b/src/sodium/wipe.cr index 798a90b..2985cc0 100644 --- a/src/sodium/wipe.cr +++ b/src/sodium/wipe.cr @@ -1,3 +1,9 @@ +module Sodium + def self.memzero(bytes : Bytes) + LibSodium.sodium_memzero bytes, bytes.bytesize + end +end + module Sodium::Wipe annotation Var end