luciano/nippy
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

[Crypto] Rename some arguments for extra clarity

Browse source
This commit is contained in:
Peter Taoussanis 2018-10-08 20:34:23 +02:00
parent 7f9b075ba7
commit b0c7a0f8c7
2 changed files with 22 additions and 22 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

24
src/taoensso/nippy/crypto.clj
View file

@ -109,7 +109,7 @@
;; Output bytes: [ <iv> <?salt> <encrypted>] ;; Output bytes: [ <iv> <?salt> <encrypted>]
;; Could also do: [<iv-len> <iv> <salt-len> <?salt> <encrypted>] ;; Could also do: [<iv-len> <iv> <salt-len> <?salt> <encrypted>]
(defn encrypt (defn encrypt
[{:keys [cipher-kit ?salt-ba key-ba ba rand-bytes-fn] [{:keys [cipher-kit ?salt-ba key-ba plain-ba rand-bytes-fn]
:or {cipher-kit cipher-kit-aes-gcm :or {cipher-kit cipher-kit-aes-gcm
rand-bytes-fn rand-bytes}}] rand-bytes-fn rand-bytes}}]
(let [iv-size (long (get-iv-size cipher-kit)) (let [iv-size (long (get-iv-size cipher-kit))
@ -120,17 +120,17 @@
cipher (get-cipher cipher-kit)] cipher (get-cipher cipher-kit)]
(.init cipher javax.crypto.Cipher/ENCRYPT_MODE key-spec param-spec) (.init cipher javax.crypto.Cipher/ENCRYPT_MODE key-spec param-spec)
(enc/ba-concat prefix-ba (.doFinal cipher ba)))) (enc/ba-concat prefix-ba (.doFinal cipher plain-ba))))
(comment (encrypt {:?salt-ba nil :key-ba (take-ba 16 (sha512-key-ba nil "pwd")) :ba (utf8->ba "data")})) (comment (encrypt {:?salt-ba nil :key-ba (take-ba 16 (sha512-key-ba nil "pwd")) :plain-ba (utf8->ba "data")}))
(defn decrypt (defn decrypt
[{:keys [cipher-kit salt-size salt->key-fn ba] [{:keys [cipher-kit salt-size salt->key-fn enc-ba]
:or {cipher-kit cipher-kit-aes-gcm}}] :or {cipher-kit cipher-kit-aes-gcm}}]
(let [salt-size (long salt-size) (let [salt-size (long salt-size)
iv-size (long (get-iv-size cipher-kit)) iv-size (long (get-iv-size cipher-kit))
prefix-size (+ iv-size salt-size) prefix-size (+ iv-size salt-size)
[prefix-ba data-ba] (enc/ba-split ba prefix-size) [prefix-ba enc-ba] (enc/ba-split enc-ba prefix-size)
[iv-ba salt-ba] (if (pos? salt-size) [iv-ba salt-ba] (if (pos? salt-size)
(enc/ba-split prefix-ba iv-size) (enc/ba-split prefix-ba iv-size)
[prefix-ba nil]) [prefix-ba nil])
@ -141,21 +141,21 @@
cipher (get-cipher cipher-kit)] cipher (get-cipher cipher-kit)]
(.init cipher javax.crypto.Cipher/DECRYPT_MODE key-spec param-spec) (.init cipher javax.crypto.Cipher/DECRYPT_MODE key-spec param-spec)
(.doFinal cipher data-ba))) (.doFinal cipher enc-ba)))
(comment (comment
(do (do
(defn sha512-k16 [?salt-ba pwd] (take-ba 16 (sha512-key-ba ?salt-ba pwd))) (defn sha512-k16 [?salt-ba pwd] (take-ba 16 (sha512-key-ba ?salt-ba pwd)))
(defn roundtrip [kit ?salt-ba key-ba key-fn] (defn roundtrip [kit ?salt-ba key-ba key-fn]
(let [salt-size (count ?salt-ba) (let [salt-size (count ?salt-ba)
encr (encrypt {:cipher-kit kit :?salt-ba ?salt-ba :key-ba key-ba :ba (utf8->ba "data")}) encr (encrypt {:cipher-kit kit :?salt-ba ?salt-ba :key-ba key-ba :plain-ba (utf8->ba "data")})
decr (decrypt {:cipher-kit kit :salt-size salt-size :salt->key-fn key-fn :ba encr})] decr (decrypt {:cipher-kit kit :salt-size salt-size :salt->key-fn key-fn :enc-ba encr})]
(String. ^bytes decr "UTF-8"))) (String. ^bytes decr "UTF-8")))
[(let [s (rand-bytes 16)] (roundtrip cipher-kit-aes-gcm s (sha512-k16 s "pwd") #(sha512-16 % "pwd"))) [(let [s (rand-bytes 16)] (roundtrip cipher-kit-aes-gcm s (sha512-k16 s "pwd") #(sha512-k16 % "pwd")))
(let [s nil] (roundtrip cipher-kit-aes-gcm s (sha512-k16 s "pwd") #(sha512-16 % "pwd"))) (let [s nil] (roundtrip cipher-kit-aes-gcm s (sha512-k16 s "pwd") #(sha512-k16 % "pwd")))
(let [s (rand-bytes 16)] (roundtrip cipher-kit-aes-cbc s (sha512-k16 s "pwd") #(sha512-16 % "pwd"))) (let [s (rand-bytes 16)] (roundtrip cipher-kit-aes-cbc s (sha512-k16 s "pwd") #(sha512-k16 % "pwd")))
(let [s nil] (roundtrip cipher-kit-aes-cbc s (sha512-k16 s "pwd") #(sha512-16 % "pwd")))]) (let [s nil] (roundtrip cipher-kit-aes-cbc s (sha512-k16 s "pwd") #(sha512-k16 % "pwd")))])
(enc/qb 10 (enc/qb 10
(let [s (rand-bytes 16)] (let [s (rand-bytes 16)]

8
src/taoensso/nippy/encryption.clj
View file

@ -31,7 +31,7 @@
(deftype AES128Encryptor [header-id salted-key-fn cached-key-fn] (deftype AES128Encryptor [header-id salted-key-fn cached-key-fn]
IEncryptor IEncryptor
(header-id [_] header-id) (header-id [_] header-id)
(encrypt [_ typed-pwd ba] (encrypt [_ typed-pwd plain-ba]
(let [[type pwd] (destructure-typed-pwd typed-pwd) (let [[type pwd] (destructure-typed-pwd typed-pwd)
salt? (identical? type :salted) salt? (identical? type :salted)
?salt-ba (when salt? (crypto/rand-bytes 16)) ?salt-ba (when salt? (crypto/rand-bytes 16))
@ -45,9 +45,9 @@
{:cipher-kit crypto/cipher-kit-aes-cbc {:cipher-kit crypto/cipher-kit-aes-cbc
:?salt-ba ?salt-ba :?salt-ba ?salt-ba
:key-ba key-ba :key-ba key-ba
:ba ba}))) :plain-ba plain-ba})))
(decrypt [_ typed-pwd ba] (decrypt [_ typed-pwd enc-ba]
(let [[type pwd] (destructure-typed-pwd typed-pwd) (let [[type pwd] (destructure-typed-pwd typed-pwd)
salt? (identical? type :salted) salt? (identical? type :salted)
salt->key-fn salt->key-fn
@ -59,7 +59,7 @@
{:cipher-kit crypto/cipher-kit-aes-cbc {:cipher-kit crypto/cipher-kit-aes-cbc
:salt-size (if salt? 16 0) :salt-size (if salt? 16 0)
:salt->key-fn salt->key-fn :salt->key-fn salt->key-fn
:ba ba})))) :enc-ba enc-ba}))))
(def aes128-encryptor (def aes128-encryptor
"Default 128bit AES encryptor with many-round SHA-512 key-gen. "Default 128bit AES encryptor with many-round SHA-512 key-gen.