Compare commits
	
		
			10 commits
		
	
	
		
			475ce2e5c8
			...
			2e1856fedb
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
|   | 2e1856fedb | ||
|   | 8db8b410a2 | ||
|   | 527ffe9c06 | ||
|   | e58c7e43e2 | ||
|   | 28b5467602 | ||
|   | cc21ca0aba | ||
|   | e350f5ad4b | ||
|   | 2893c5525d | ||
|   | 24c5a4170d | ||
|   | 5e03d23ed9 | 
					 11 changed files with 121 additions and 83 deletions
				
			
		|  | @ -3,34 +3,33 @@ require "random/pcg32" | |||
| require "random/isaac" | ||||
| require "../src/sodium/cipher/chalsa" | ||||
| 
 | ||||
| pcgrand = Random::PCG32.new 0 | ||||
| isaacrand = Random::ISAAC.new Bytes.new(32) | ||||
| randoms = { | ||||
|   "PCG"    => Random::PCG32.new(0), | ||||
|   "ISAAC"  => Random::ISAAC.new(Bytes.new(32)), | ||||
|   "Secure" => Random::Secure, | ||||
| } | ||||
| 
 | ||||
| ciphers = {{ Sodium::Cipher::Chalsa.subclasses }}.map do |klass| | ||||
|   cipher = klass.new.tap do |c| | ||||
|     c.key = Bytes.new c.key_size | ||||
|     c.nonce = Bytes.new c.nonce_size | ||||
|   end | ||||
|   key = Bytes.new klass.key_size | ||||
|   nonce = Bytes.new klass.nonce_size | ||||
|   cipher = klass.new key, nonce | ||||
| 
 | ||||
|   # {short_name, cipher} | ||||
|   {klass.to_s.split("::").last, cipher} | ||||
| end.to_a | ||||
| # p ciphers | ||||
| 
 | ||||
| buf = Bytes.new 1024 | ||||
| 
 | ||||
| Benchmark.ips warmup: 0.5 do |bm| | ||||
|   bm.report "PCG32" do | ||||
|     pcgrand.random_bytes buf | ||||
|   end | ||||
| 
 | ||||
|   bm.report "ISAAC" do | ||||
|     isaacrand.random_bytes buf | ||||
|   end | ||||
| 
 | ||||
|   ciphers.each do |name, cipher| | ||||
|   randoms.each do |name, random| | ||||
|     bm.report "#{name}" do | ||||
|       cipher.random_bytes buf | ||||
|       random.random_bytes buf | ||||
|     end | ||||
|   end | ||||
| 
 | ||||
|   ciphers.each do |name, random| | ||||
|     bm.report "#{name}" do | ||||
|       random.random_bytes buf | ||||
|     end | ||||
|   end | ||||
| end | ||||
|  |  | |||
|  | @ -1,7 +1,8 @@ | |||
|        PCG32 606.78k (  1.65µs) (± 1.07%)  0.0B/op   4.19× slower | ||||
|        ISAAC 373.63k (  2.68µs) (± 1.95%)  0.0B/op   6.80× slower | ||||
|     XSalsa20   1.84M (544.61ns) (± 1.17%)  0.0B/op   1.38× slower | ||||
|      Salsa20   2.37M (421.53ns) (± 1.24%)  0.0B/op   1.07× slower | ||||
|    XChaCha20   1.88M (530.86ns) (± 1.46%)  0.0B/op   1.35× slower | ||||
| ChaCha20Ietf   2.54M (393.65ns) (± 1.22%)  0.0B/op        fastest | ||||
|     ChaCha20   2.51M (398.58ns) (± 1.73%)  0.0B/op   1.01× slower | ||||
|          PCG   1.29M (776.49ns) (± 1.13%)  0.0B/op   1.07× slower | ||||
|        ISAAC 530.69k (  1.88µs) (± 0.98%)  0.0B/op   2.60× slower | ||||
|       Secure 318.19k (  3.14µs) (± 2.30%)  0.0B/op   4.33× slower | ||||
|     XSalsa20   1.04M (960.42ns) (± 1.34%)  0.0B/op   1.32× slower | ||||
|      Salsa20   1.16M (862.14ns) (± 1.29%)  0.0B/op   1.19× slower | ||||
|    XChaCha20   1.22M (818.52ns) (± 1.86%)  0.0B/op   1.13× slower | ||||
| ChaCha20Ietf   1.38M (726.43ns) (± 1.28%)  0.0B/op   1.00× slower | ||||
|     ChaCha20   1.38M (725.47ns) (± 1.33%)  0.0B/op        fastest | ||||
|  |  | |||
|  | @ -17,6 +17,14 @@ puts "" | |||
| {% end %} | ||||
| puts "" | ||||
| 
 | ||||
| {% for sk in [Sodium::CryptoBox::SecretKey, Sodium::Sign::SecretKey] %} | ||||
|   sk = {{sk.id}}.new | ||||
|   pk = sk.public_key | ||||
| #  puts "#{sk.class} bytesize #{sk.to_slice.bytesize}" | ||||
|   puts "#{pk.class} bytesize #{pk.to_slice.bytesize}" | ||||
| {% end %} | ||||
| puts "" | ||||
| 
 | ||||
| {% for name in %w(KEY_SIZE NONCE_SIZE MAC_SIZE) %} | ||||
|   puts "Sodium::SecretBox::{{ name.id }} #{Sodium::SecretBox::{{ name.id }}}" | ||||
| {% end %} | ||||
|  | @ -47,9 +55,8 @@ puts "" | |||
| {% end %} | ||||
| puts "" | ||||
| 
 | ||||
| {% for sk in [Sodium::CryptoBox::SecretKey, Sodium::Sign::SecretKey] %} | ||||
|   sk = {{sk.id}}.new | ||||
|   pk = sk.public_key | ||||
|   puts "#{sk.class} bytesize #{sk.to_slice.bytesize}" | ||||
|   puts "#{pk.class} bytesize #{pk.to_slice.bytesize}" | ||||
| {% for name in %w(XChaCha20 ChaCha20Ietf ChaCha20 XSalsa20 Salsa20) %} | ||||
|   c = Sodium::Cipher::{{name.id}}.random | ||||
| #  puts "#{c.class} key_size #{c.key_size}" | ||||
|   puts "#{c.class} nonce_size #{c.nonce_size}" | ||||
| {% end %} | ||||
|  |  | |||
|  | @ -19,6 +19,13 @@ require "../../../src/sodium/cipher/chalsa" | |||
|       cipher2.final.should eq Bytes.new(0) | ||||
|     end | ||||
| 
 | ||||
|     it "Random" do | ||||
|       cipher = Sodium::Cipher::{{ name.id }}.random | ||||
|       cipher.random_bytes(8).should_not eq(cipher.random_bytes(8)) | ||||
|       r = 3.times.map { cipher.rand(65536) }.sum | ||||
|       r.should_not eq(0) | ||||
|     end | ||||
| 
 | ||||
|     it "dups" do | ||||
|       cipher1 = Sodium::Cipher::{{ name.id }}.new Bytes.new(Sodium::Cipher::{{ name.id }}::KEY_SIZE) | ||||
|       cipher2 = cipher1.dup | ||||
|  |  | |||
|  | @ -5,11 +5,11 @@ CONTEXT = "8_bytess" | |||
| 
 | ||||
| describe Sodium::Kdf do | ||||
|   it "generates master key" do | ||||
|     kdf1 = Sodium::Kdf.new | ||||
|     kdf1 = Sodium::Kdf.random | ||||
| 
 | ||||
|     # verify loading saved key | ||||
|     kdf2 = kdf1.key.readonly do |kslice| | ||||
|       Sodium::Kdf.new kslice.dup | ||||
|       Sodium::Kdf.copy_key_from kslice.dup | ||||
|     end | ||||
| 
 | ||||
|     kdf1.key.should eq kdf2.key | ||||
|  | @ -21,7 +21,7 @@ describe Sodium::Kdf do | |||
|   end | ||||
| 
 | ||||
|   it "generates different keys" do | ||||
|     kdf1 = Sodium::Kdf.new | ||||
|     kdf1 = Sodium::Kdf.random | ||||
|     subkey1 = kdf1.derive CONTEXT, 0, 16 | ||||
|     subkey2 = kdf1.derive CONTEXT, 1, 16 | ||||
|     subkey1.should_not eq subkey2 | ||||
|  |  | |||
|  | @ -98,6 +98,9 @@ describe Sodium::Sign::SecretKey do | |||
|     end | ||||
|   end | ||||
| 
 | ||||
|   pending "combined test vectors" do | ||||
|   end | ||||
| 
 | ||||
|   it "RbNaCl detached test vectors" do | ||||
|     detached_test_vectors.each do |vec| | ||||
|       seckey, plaintext, signature = sign_from_vec vec | ||||
|  |  | |||
|  | @ -6,15 +6,17 @@ module Sodium::Cipher | |||
|   # | ||||
|   # What? They're both dance? | ||||
|   abstract class Chalsa | ||||
|     include Random | ||||
| 
 | ||||
|     getter key : Crypto::Secret | ||||
|     getter! nonce : Bytes? | ||||
| 
 | ||||
|     # Advanced usage.  Don't touch. | ||||
|     property offset = 0 | ||||
|     property offset = 0_u64 | ||||
| 
 | ||||
|     def initialize(key : Crypto::Secret | Bytes, nonce = nil) | ||||
|       raise ArgumentError.new("key must be #{key_size} bytes, got #{key.bytesize}") if key.bytesize != key_size | ||||
|       @key = key.is_a?(Crypto::Secret) ? key : Sodium::SecureBuffer.new(key) | ||||
|       @key = key.is_a?(Crypto::Secret) ? key : Sodium::SecureBuffer.copy_from(key) | ||||
|       self.nonce = nonce if nonce | ||||
|     end | ||||
| 
 | ||||
|  | @ -42,7 +44,7 @@ module Sodium::Cipher | |||
|     end | ||||
| 
 | ||||
|     def random_nonce | ||||
|       self.nonce = Random::Secure.random_bytes nonce_size | ||||
|       self.nonce = ::Random::Secure.random_bytes nonce_size | ||||
|     end | ||||
| 
 | ||||
|     # Xor's src with the cipher output and returns a new Slice | ||||
|  | @ -60,17 +62,14 @@ module Sodium::Cipher | |||
| 
 | ||||
|     # Use as a CSPRNG. | ||||
|     def random_bytes(bytes : Bytes) : Bytes | ||||
|       # TODO: Switch to memset | ||||
|       Sodium.memzero bytes | ||||
|       update bytes, bytes | ||||
|       bytes | ||||
|     end | ||||
| 
 | ||||
|     # Use as a CSPRNG. | ||||
|     def random_bytes(size : Int) : Bytes | ||||
|       bytes = Bytes.new size | ||||
|       update bytes, bytes | ||||
|       bytes | ||||
|     def next_u : UInt8 | ||||
|       buf = uninitialized UInt8[1] | ||||
|       random_bytes buf.to_slice | ||||
|       buf.unsafe_as(UInt8) | ||||
|     end | ||||
| 
 | ||||
|     # Always returns false. Sadness... | ||||
|  | @ -87,26 +86,35 @@ module Sodium::Cipher | |||
|     end | ||||
|   end | ||||
| 
 | ||||
|   {% for key, valtup in {"XSalsa20" => {"xsalsa20", false}, "Salsa20" => {"salsa20", false}, "XChaCha20" => {"xchacha20", false}, "ChaCha20Ietf" => {"chacha20_ietf", true}, "ChaCha20" => {"chacha20", false}} %} | ||||
|     {% val = valtup[0] %} | ||||
|     {% ietf = valtup[1] %} | ||||
|   {% for key, val in {"XSalsa20" => "xsalsa20", "Salsa20" => "salsa20", "XChaCha20" => "xchacha20", "ChaCha20Ietf" => "chacha20_ietf", "ChaCha20" => "chacha20"} %} | ||||
|     # These classes can be used to generate pseudo-random data from a key, | ||||
|     # or as building blocks for implementing custom constructions, but they | ||||
|     # are not alternatives to secretbox. | ||||
|     # are not alternatives to `SecretBox`. | ||||
|     # | ||||
|     # See [https://libsodium.gitbook.io/doc/advanced/stream_ciphers](https://libsodium.gitbook.io/doc/advanced/stream_ciphers) for further information. | ||||
|     # | ||||
|     # This class mimicks the OpenSSL::Cipher interface with minor differences. | ||||
|     # This class mimicks the `OpenSSL::Cipher` interface with minor differences. | ||||
|     # | ||||
|     # Also provides a `::Random` interface. | ||||
|     # * Lacks forward secrecy. | ||||
|     # * ~3x faster than `::Random::Secure` | ||||
|     # | ||||
|     # Use with caution.  When in doubt use `::Random::Secure` | ||||
|     # | ||||
|     # Possibly safe uses: | ||||
|     # * Test data | ||||
|     # * Overwriting storage with random data | ||||
|     # * Single player video games (maybe) | ||||
|     # | ||||
|     # See `spec/sodium/cipher/chalsa_spec.cr` for examples on how to use this class. | ||||
|     # | ||||
|     # WARNING: Not validated against test vectors.  You should probably write some before using this class. | ||||
|     class {{ key.id }} < Chalsa | ||||
|       KEY_SIZE = LibSodium.crypto_stream_chacha20_{{ ietf ? "ietf_".id : "".id }}keybytes.to_i32 | ||||
|       NONCE_SIZE = LibSodium.crypto_stream_chacha20_{{ ietf ? "ietf_".id : "".id }}noncebytes.to_i32 | ||||
|       KEY_SIZE = LibSodium.crypto_stream_{{ val.id }}_keybytes.to_i32 | ||||
|       NONCE_SIZE = LibSodium.crypto_stream_{{ val.id }}_noncebytes.to_i32 | ||||
| 
 | ||||
|       def self.random | ||||
|         new key: Sodium::SecureBuffer.random(KEY_SIZE), nonce: Random::Secure.random_bytes(NONCE_SIZE) | ||||
|         new key: Sodium::SecureBuffer.random(KEY_SIZE), nonce: ::Random::Secure.random_bytes(NONCE_SIZE) | ||||
|       end | ||||
| 
 | ||||
|       # Xor's src with the cipher output and places in dst. | ||||
|  | @ -128,6 +136,14 @@ module Sodium::Cipher | |||
|         end | ||||
|       end | ||||
| 
 | ||||
|       def self.key_size : Int32 | ||||
|         KEY_SIZE | ||||
|       end | ||||
| 
 | ||||
|       def self.nonce_size : Int32 | ||||
|         NONCE_SIZE | ||||
|       end | ||||
| 
 | ||||
|       def key_size : Int32 | ||||
|         KEY_SIZE | ||||
|       end | ||||
|  |  | |||
|  | @ -42,9 +42,6 @@ class Sodium::CryptoBox | |||
|     getter key : Crypto::Secret | ||||
|     getter public_key : PublicKey | ||||
| 
 | ||||
|     # Returns key | ||||
|     delegate_to_slice to: @key | ||||
| 
 | ||||
|     @seed : Crypto::Secret? | ||||
| 
 | ||||
|     # Generate a new random secret/public key pair. | ||||
|  | @ -163,9 +160,12 @@ class Sodium::CryptoBox | |||
|     # For authenticated messages use `secret_key.box(recipient_public_key).decrypt`. | ||||
|     # | ||||
|     # Optionally supply a destination buffer. | ||||
|     def decrypt_string(src, dst : Bytes? = nil) : String | ||||
|       msg = decrypt src.to_slice, dst | ||||
|       String.new msg | ||||
|     def decrypt_string(src) : String | ||||
|       dsize = src.bytesize - SEAL_SIZE | ||||
|       String.new(dsize) do |dst| | ||||
|         decrypt src.to_slice, dst.to_slice(dsize) | ||||
|         {dsize, dsize} | ||||
|       end | ||||
|     end | ||||
| 
 | ||||
|     # :nodoc: | ||||
|  |  | |||
|  | @ -7,7 +7,8 @@ module Sodium | |||
|   # | ||||
|   # Usage: | ||||
|   # ``` | ||||
|   # kdf = KDF.new | ||||
|   # kdf = KDF.random | ||||
|   # kdf = KDF.move_key_from bytes | ||||
|   # subkey_id = 0 | ||||
|   # output_size = 16 | ||||
|   # subkey = kdf.derive "8bytectx", subkey_id, output_size | ||||
|  | @ -18,7 +19,7 @@ module Sodium | |||
|   # | ||||
|   # It's recommended to use a #wipe block to erase the master key when no longer needed | ||||
|   # ``` | ||||
|   # kdf = Kdf.new | ||||
|   # kdf = Kdf.random | ||||
|   # ... | ||||
|   # kdf.wipe do | ||||
|   #  ### Warning: abnormal exit may not wipe | ||||
|  | @ -41,16 +42,29 @@ module Sodium | |||
| 
 | ||||
|     getter key : Crypto::Secret | ||||
| 
 | ||||
|     def self.random | ||||
|       new(SecureBuffer.random(KEY_SIZE)) | ||||
|     end | ||||
| 
 | ||||
|     # Use an existing KDF key. | ||||
|     # | ||||
|     # * Copies key to a new SecureBuffer | ||||
|     # * Optionally erases bytes after copying if erase is set | ||||
|     def initialize(bytes : Bytes, erase = false) | ||||
|       if bytes.bytesize != KEY_SIZE | ||||
|         raise ArgumentError.new("bytes must be #{KEY_SIZE}, got #{bytes.bytesize}") | ||||
|       end | ||||
|     def self.copy_key_from(bytes : Bytes) | ||||
|       new(SecureBuffer.copy_from(bytes)) | ||||
|     end | ||||
| 
 | ||||
|       @key = SecureBuffer.new(bytes, erase).noaccess | ||||
|     # Use an existing KDF key. | ||||
|     # | ||||
|     # * Copies key to a new SecureBuffer | ||||
|     # * Erases bytes after copying | ||||
|     def self.move_key_from(bytes : Bytes) | ||||
|       new(SecureBuffer.move_from(bytes)) | ||||
|     end | ||||
| 
 | ||||
|     @[Deprecated("use .copy_key_from or .move_key_from")] | ||||
|     def initialize(bytes : Bytes, erase = false) | ||||
|       @key = SecureBuffer.new(1) | ||||
|       raise NotImplementedError.new("use .copy_key_from or .move_key_from") | ||||
|     end | ||||
| 
 | ||||
|     # Use an existing KDF Crypto::Secret key. | ||||
|  | @ -61,9 +75,7 @@ module Sodium | |||
|       @key.noaccess | ||||
|     end | ||||
| 
 | ||||
|     # Generate a new random KDF key. | ||||
|     # | ||||
|     # Make sure to save kdf.to_slice before kdf goes out of scope. | ||||
|     @[Deprecated("use .random")] | ||||
|     def initialize | ||||
|       @key = SecureBuffer.random(KEY_SIZE).noaccess | ||||
|     end | ||||
|  |  | |||
|  | @ -4,7 +4,5 @@ require "./wipe" | |||
| module Sodium | ||||
|   abstract class Key | ||||
|     include Sodium::Wipe | ||||
| 
 | ||||
|     abstract def to_slice : Bytes | ||||
|   end | ||||
| end | ||||
|  |  | |||
|  | @ -7,19 +7,20 @@ module Sodium | |||
|   # | ||||
|   # #initialize returns readonly or readwrite for thread safety | ||||
|   # When state changes are required (such as using #noaccess) and the buffer is accessed from multiple threads wrap each #readonly/#readwrite block in a lock. | ||||
|   class SecureBuffer | ||||
|   class SecureBuffer < Crypto::Secret | ||||
|     include Crypto::Secret::Stateful | ||||
| 
 | ||||
|     getter bytesize : Int32 | ||||
|     getter buffer_bytesize : Int32 | ||||
| 
 | ||||
|     def initialize(@bytesize : Int32) | ||||
|       @ptr = LibSodium.sodium_malloc @bytesize | ||||
|       raise Error::OutOfMemory.new if @ptr.null? | ||||
|     def initialize(@buffer_bytesize : Int32) | ||||
|       @ptr = LibSodium.sodium_malloc @buffer_bytesize | ||||
|       raise Error::OutOfMemory.new("allocating #{@buffer_bytesize}") if @ptr.null? | ||||
|     end | ||||
| 
 | ||||
|     # Copies bytes to a **readonly** SecureBuffer. | ||||
|     # Optionally erases bytes after copying if erase is set | ||||
|     # Returns a **readonly** SecureBuffer. | ||||
|     @[Deprecated("Use .copy_from or .move_from")] | ||||
|     def initialize(bytes : Bytes, erase = false) | ||||
|       initialize bytes.bytesize | ||||
|       readwrite do |slice| | ||||
|  | @ -32,7 +33,7 @@ module Sodium | |||
|     # :nodoc: | ||||
|     # For .dup | ||||
|     def initialize(sbuf : Crypto::Secret) | ||||
|       initialize sbuf.bytesize | ||||
|       initialize sbuf.buffer_bytesize | ||||
| 
 | ||||
|       # Maybe not thread safe | ||||
|       sbuf.readonly do |sslice| | ||||
|  | @ -56,18 +57,12 @@ module Sodium | |||
|     # | ||||
|     @[Deprecated("Use the Slice provided within a `readonly` or `readwrite` block")] | ||||
|     def to_slice : Bytes | ||||
|       case @state | ||||
|       when State::Noaccess, State::Wiped | ||||
|         readonly | ||||
|       else | ||||
|         # Ok | ||||
|       end | ||||
|       Slice(UInt8).new @ptr, @bytesize | ||||
|       raise NotImplementedError.new | ||||
|     end | ||||
| 
 | ||||
|     protected def to_slice(& : Bytes -> Nil) | ||||
|       ro = @state < State::Readonly | ||||
|       yield Bytes.new(@ptr, @bytesize, read_only: ro) | ||||
|       yield Bytes.new(@ptr, @buffer_bytesize, read_only: ro) | ||||
|     end | ||||
| 
 | ||||
|     # :nodoc: | ||||
|  |  | |||
		Loading…
	
	Add table
		
		Reference in a new issue