From cfd8a10b6ba99e3395d3868baa3ff4e74dc53f0c Mon Sep 17 00:00:00 2001 From: Didactic Drunk <1479616+didactic-drunk@users.noreply.github.com> Date: Mon, 8 Jul 2019 13:24:25 -0700 Subject: [PATCH] Blake2b accepts a SecureBuffer key. More public constructors for SecretBox. --- src/sodium/digest/blake2b.cr | 13 +++++++------ src/sodium/secret_box.cr | 4 ++-- src/sodium/secure_buffer.cr | 2 ++ 3 files changed, 11 insertions(+), 8 deletions(-) diff --git a/src/sodium/digest/blake2b.cr b/src/sodium/digest/blake2b.cr index 3968ba9..22caee2 100644 --- a/src/sodium/digest/blake2b.cr +++ b/src/sodium/digest/blake2b.cr @@ -19,13 +19,13 @@ module Sodium::Digest include OpenSSL::DigestBase include Wipe - KEY_SIZE = LibSodium.crypto_generichash_blake2b_keybytes # 32 - KEY_SIZE_MIN = LibSodium.crypto_generichash_blake2b_keybytes_min # 16 - KEY_SIZE_MAX = LibSodium.crypto_generichash_blake2b_keybytes_max # 64 + KEY_SIZE = LibSodium.crypto_generichash_blake2b_keybytes.to_i # 32 + KEY_SIZE_MIN = LibSodium.crypto_generichash_blake2b_keybytes_min.to_i # 16 + KEY_SIZE_MAX = LibSodium.crypto_generichash_blake2b_keybytes_max.to_i # 64 - SALT_SIZE = LibSodium.crypto_generichash_blake2b_saltbytes # 16 + SALT_SIZE = LibSodium.crypto_generichash_blake2b_saltbytes.to_i # 16 - PERSONAL_SIZE = LibSodium.crypto_generichash_blake2b_personalbytes # 16 + PERSONAL_SIZE = LibSodium.crypto_generichash_blake2b_personalbytes.to_i # 16 OUT_SIZE = LibSodium.crypto_generichash_blake2b_bytes.to_i32 # 32 OUT_SIZE_MIN = LibSodium.crypto_generichash_blake2b_bytes_min.to_i32 # 16 @@ -50,8 +50,9 @@ module Sodium::Digest # # `key`, `salt`, and `personal` are all optional. Most other libsodium bindings don't support them. # Check the other implementation(s) you need to interoperate with before using. - def initialize(@digest_size : Int32 = OUT_SIZE, key : Bytes? = nil, salt : Bytes? = nil, personal : Bytes? = nil) + def initialize(@digest_size : Int32 = OUT_SIZE, key : Bytes? | SecureBuffer? = nil, salt : Bytes? = nil, personal : Bytes? = nil) if k = key + k = k.to_slice raise ArgumentError.new("key larger than KEY_SIZE_MAX(#{KEY_SIZE_MAX}), got #{k.bytesize}") if k.bytesize > KEY_SIZE_MAX @key_size = k.bytesize k.copy_to @key.to_slice diff --git a/src/sodium/secret_box.cr b/src/sodium/secret_box.cr index c97e21c..bf50a47 100644 --- a/src/sodium/secret_box.cr +++ b/src/sodium/secret_box.cr @@ -30,7 +30,7 @@ module Sodium end # Use an existing SecureBuffer. - protected def initialize(@buf : SecureBuffer) + def initialize(@buf : SecureBuffer) if @buf.bytesize != KEY_SIZE raise ArgumentError.new("Secret key must be #{KEY_SIZE} bytes, got #{@buf.bytesize}") end @@ -40,7 +40,7 @@ module Sodium # Copy bytes to a new SecureBuffer # # Optionally erases bytes after copying if erase is set - protected def initialize(bytes : Bytes, erase = false) + def initialize(bytes : Bytes, erase = false) if bytes.bytesize != KEY_SIZE raise ArgumentError.new("Secret key must be #{KEY_SIZE} bytes, got #{bytes.bytesize}") end diff --git a/src/sodium/secure_buffer.cr b/src/sodium/secure_buffer.cr index 377b70d..b3fda58 100644 --- a/src/sodium/secure_buffer.cr +++ b/src/sodium/secure_buffer.cr @@ -5,6 +5,8 @@ module Sodium class SecureBuffer getter bytesize + delegate :+, :[], to: to_slice + # Allocate guarded memory using [sodium_malloc](https://libsodium.gitbook.io/doc/memory_management) def initialize(@bytesize : Int32) @ptr = LibSodium.sodium_malloc @bytesize