Improve the return values for keypairs.
To avoid the common mistake of re-arranging keypairs, provide them in a map which forces the programmer to unpack the map in order to obtain the keys. This in turn makes it harder to swap the PK/SK pair around and mistakenly giving out the secret key to the world.
This commit is contained in:
Jesper Louis Andersen
parent
7c8272baa8
commit
6354ea4f69
@ -19,13 +19,13 @@ nonce() ->
|
||||
fault(nonce_bad(), nonce_good()).
|
||||
|
||||
keypair_good() ->
|
||||
{ok, PK, SK} = enacl:box_keypair(),
|
||||
#{ public := PK, secret := SK} = enacl:box_keypair(),
|
||||
{PK, SK}.
|
||||
|
||||
keypair_bad() ->
|
||||
?LET(X, elements([pk, sk]),
|
||||
begin
|
||||
{ok, PK, SK} = enacl:box_keypair(),
|
||||
#{ public := PK, secret := SK} = enacl:box_keypair(),
|
||||
case X of
|
||||
pk ->
|
||||
PKBytes = enacl:box_public_key_bytes(),
|
||||
@ -42,7 +42,6 @@ keypair() ->
|
||||
%% CRYPTO BOX
|
||||
%% ---------------------------
|
||||
|
||||
|
||||
keypair_valid(PK, SK) when is_binary(PK), is_binary(SK) ->
|
||||
PKBytes = enacl:box_public_key_bytes(),
|
||||
SKBytes = enacl:box_secret_key_bytes(),
|
||||
@ -53,7 +52,7 @@ prop_box_keypair() ->
|
||||
?FORALL(_X, return(dummy),
|
||||
ok_box_keypair(enacl:box_keypair())).
|
||||
|
||||
ok_box_keypair({ok, _PK, _SK}) -> true;
|
||||
ok_box_keypair(#{ public := _, secret := _}) -> true;
|
||||
ok_box_keypair(_) -> false.
|
||||
|
||||
box(Msg, Nonce , PK, SK) ->
|
||||
|
||||
@ -76,13 +76,13 @@ verify_32(X, Y) -> enacl_nif:crypto_verify_32(X, Y).
|
||||
%% Public Key Crypto
|
||||
%% ---------------------
|
||||
%% @doc box_keypair/0 creates a new Public/Secret keypair.
|
||||
%% Generates and returns a new key pair for the Box encryption scheme.
|
||||
%% Generates and returns a new key pair for the Box encryption scheme. The return value is a
|
||||
%% map in order to avoid using the public key as a secret key and vice versa.
|
||||
%% @end.
|
||||
-spec box_keypair() -> {PublicKey, SecretKey}
|
||||
when PublicKey :: binary(),
|
||||
SecretKey :: binary().
|
||||
-spec box_keypair() -> maps:map(atom(), binary()).
|
||||
box_keypair() ->
|
||||
enacl_nif:crypto_box_keypair().
|
||||
{PK, SK} = enacl_nif:crypto_box_keypair(),
|
||||
#{ public => PK, secret => SK}.
|
||||
|
||||
%% @doc box/4 encrypts+authenticates a message to another party.
|
||||
%% Encrypt a `Msg` to the party identified by public key `PK` using your own secret key `SK` to
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user