diff --git a/README.md b/README.md index c9eda21..2e9a10e 100644 --- a/README.md +++ b/README.md @@ -77,6 +77,9 @@ slice = method_that_return_bytes() secret = Crypto::Secret::Bidet.move_from slice # erases slice # or secret = Crypto::Secret::Bidet.copy_from slice +# or +secret = Crypto::Secret::Bidet size_in_bytes +secret.move_from slice ``` ## What is a Secret? diff --git a/src/crypto-secret/class_methods.cr b/src/crypto-secret/class_methods.cr index c168546..0158a73 100644 --- a/src/crypto-secret/class_methods.cr +++ b/src/crypto-secret/class_methods.cr @@ -13,9 +13,7 @@ module Crypto::Secret::ClassMethods # Returns a **readonly** Secret def copy_from(data : Bytes) new(data.bytesize).tap do |obj| - obj.readwrite do |slice| - data.copy_to slice - end + obj.copy_from data end end diff --git a/src/crypto-secret/key.cr b/src/crypto-secret/key.cr index b10323b..59475ba 100644 --- a/src/crypto-secret/key.cr +++ b/src/crypto-secret/key.cr @@ -6,7 +6,7 @@ require "./bidet" # # Uses `Sodium::SecureBuffer` If "sodium" is required before "crypto-secret" {% if @type.has_constant?("Sodium") %} - class Crypto::Secret::Key < ::Sodum::SecureBuffer + class Crypto::Secret::Key < ::Sodium::SecureBuffer end {% else %} # TODO: mlock diff --git a/src/crypto-secret/secret.cr b/src/crypto-secret/secret.cr index 082aee5..05f94b6 100644 --- a/src/crypto-secret/secret.cr +++ b/src/crypto-secret/secret.cr @@ -38,11 +38,29 @@ module Crypto::Secret extend ClassMethods # For debugging. + # # Returned String **not** tracked or wiped def hexstring : String readonly &.hexstring end + # Copies then wipes *data* + # + # Prefer this method over `#copy_from` + def move_from(data : Bytes) : Nil + copy_from data + ensure + data.wipe + end + + # Copies from *data* + def copy_from(data : Bytes) : Nil + readwrite do |slice| + slice.copy_from data + end + end + + # Fills `Secret` with secure random data def random : self readwrite do |slice| Random::Secure.random_bytes slice