Commit 6354ea4f authored by Jesper Louis Andersen's avatar Jesper Louis Andersen
Browse files

Improve the return values for keypairs.

To avoid the common mistake of re-arranging keypairs, provide them in a map which
forces the programmer to unpack the map in order to obtain the keys. This in turn makes
it harder to swap the PK/SK pair around and mistakenly giving out the secret key to the world.
parent 7c8272ba
...@@ -19,13 +19,13 @@ nonce() -> ...@@ -19,13 +19,13 @@ nonce() ->
fault(nonce_bad(), nonce_good()). fault(nonce_bad(), nonce_good()).
keypair_good() -> keypair_good() ->
{ok, PK, SK} = enacl:box_keypair(), #{ public := PK, secret := SK} = enacl:box_keypair(),
{PK, SK}. {PK, SK}.
keypair_bad() -> keypair_bad() ->
?LET(X, elements([pk, sk]), ?LET(X, elements([pk, sk]),
begin begin
{ok, PK, SK} = enacl:box_keypair(), #{ public := PK, secret := SK} = enacl:box_keypair(),
case X of case X of
pk -> pk ->
PKBytes = enacl:box_public_key_bytes(), PKBytes = enacl:box_public_key_bytes(),
...@@ -42,7 +42,6 @@ keypair() -> ...@@ -42,7 +42,6 @@ keypair() ->
%% CRYPTO BOX %% CRYPTO BOX
%% --------------------------- %% ---------------------------
keypair_valid(PK, SK) when is_binary(PK), is_binary(SK) -> keypair_valid(PK, SK) when is_binary(PK), is_binary(SK) ->
PKBytes = enacl:box_public_key_bytes(), PKBytes = enacl:box_public_key_bytes(),
SKBytes = enacl:box_secret_key_bytes(), SKBytes = enacl:box_secret_key_bytes(),
...@@ -53,7 +52,7 @@ prop_box_keypair() -> ...@@ -53,7 +52,7 @@ prop_box_keypair() ->
?FORALL(_X, return(dummy), ?FORALL(_X, return(dummy),
ok_box_keypair(enacl:box_keypair())). ok_box_keypair(enacl:box_keypair())).
ok_box_keypair({ok, _PK, _SK}) -> true; ok_box_keypair(#{ public := _, secret := _}) -> true;
ok_box_keypair(_) -> false. ok_box_keypair(_) -> false.
box(Msg, Nonce , PK, SK) -> box(Msg, Nonce , PK, SK) ->
......
...@@ -76,13 +76,13 @@ verify_32(X, Y) -> enacl_nif:crypto_verify_32(X, Y). ...@@ -76,13 +76,13 @@ verify_32(X, Y) -> enacl_nif:crypto_verify_32(X, Y).
%% Public Key Crypto %% Public Key Crypto
%% --------------------- %% ---------------------
%% @doc box_keypair/0 creates a new Public/Secret keypair. %% @doc box_keypair/0 creates a new Public/Secret keypair.
%% Generates and returns a new key pair for the Box encryption scheme. %% Generates and returns a new key pair for the Box encryption scheme. The return value is a
%% map in order to avoid using the public key as a secret key and vice versa.
%% @end. %% @end.
-spec box_keypair() -> {PublicKey, SecretKey} -spec box_keypair() -> maps:map(atom(), binary()).
when PublicKey :: binary(),
SecretKey :: binary().
box_keypair() -> box_keypair() ->
enacl_nif:crypto_box_keypair(). {PK, SK} = enacl_nif:crypto_box_keypair(),
#{ public => PK, secret => SK}.
%% @doc box/4 encrypts+authenticates a message to another party. %% @doc box/4 encrypts+authenticates a message to another party.
%% Encrypt a `Msg` to the party identified by public key `PK` using your own secret key `SK` to %% Encrypt a `Msg` to the party identified by public key `PK` using your own secret key `SK` to
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment