Sign experimental combined signatures

This commit is contained in:
Didactic Drunk 2022-04-28 01:54:46 -07:00
parent 24ffdce5c3
commit 98c3a2bff4
2 changed files with 28 additions and 16 deletions

View File

@ -10,24 +10,40 @@ module Sodium
# :nodoc:
# Only used by SecretKey
def initialize
@bytes = Bytes.new(KEY_SIZE)
def self.new
new Bytes.new(KEY_SIZE)
end
# Maintains reference to *bytes*
def initialize(@bytes : Bytes)
if bytes.bytesize != KEY_SIZE
raise ArgumentError.new("Public key must be #{KEY_SIZE} bytes, got #{bytes.bytesize}")
end
end
# Verify signature made by `secret_key.sign(message)`
# Verify and return a copy of the message data
# Raises on verification failure.
#
# WARNING: returns pointer to message within messagesig (zerocopy)
# If you reuse messagesig, `#dup` the returned message
# `secret_key.verify(messagesig).dup`
@[Experimental]
def verify(messagesig) : Bytes
def verify(message) : Bytes
verify_zc(message).dup
end
# Verify and return a String with the copied message data
# Raises on verification failure.
@[Experimental]
def verify_string(message) : String
String.new(verify_zc(message))
end
# Verify and return a zero copy reference to the message data
# Raises on verification failure.
@[Experimental]
def verify_zc(message) : Bytes
verify message.to_slice
end
# :nodoc:
def verify_zc(messagesig) : Bytes
messagesig = messagesig.to_slice
bs = messagesig.bytesize
raise Sodium::Error::VerificationFailed.new("message shorter than SIG_SIZE") unless bs >= SIG_SIZE
@ -39,11 +55,6 @@ module Sodium
message
end
@[Experimental]
def verify_string(messagesig) : String
String.new(verify(messagesig))
end
# Verify signature made by `secret_key.sign_detached(message)`
# Raises on verification failure.
def verify_detached(message, sig) : Nil

View File

@ -64,6 +64,7 @@ module Sodium
end
# Derive a new secret/public key pair based on a consistent seed.
# References passed SecureBuffer
def initialize(*, seed : SecureBuffer)
raise ArgumentError.new("Secret sign seed must be #{SEED_SIZE}, got #{seed.bytesize}") unless seed.bytesize == SEED_SIZE
@seed = seed
@ -79,7 +80,7 @@ module Sodium
end
end
getter seed : Crypto::Secret? do
getter seed : Crypto::Secret do
SecureBuffer.new(SEED_SIZE).tap do |seed_buf|
@key.readonly do |kslice|
seed_buf.readwrite do |seed_slice|
@ -92,8 +93,8 @@ module Sodium
end
# Signs message and returns a combined signature.
# Verify using `secret_key.public_key.verify(messagesig).dup`
# See warning about object reuse in `#verify` if you don't `#dup`
# Verify using `secret_key.public_key.verify(messagesig)`
# Other `verify` methods exist. Review the docs and choose carefully
@[Experimental]
def sign(message) : Bytes
message = message.to_slice