hkdf 0.1.0 → 0.2.0

data/README.md

@@ -18,6 +18,14 @@ hkdf.next_bytes(16)
  => "\xC0<\x13\x85\x8C\x84z\xCE\xC7\xCE+\xFF\x1C\xEB\xE6\xBC"
 ```
 
+You can also give an IO object as the source. It will be read in as a stream to generate the key. The optional argument ```:read_size``` can be used to control how many bytes are read from the IO at a time.
+
+```ruby
+hkdf = HKDF.new(File.new('/tmp/filename'), :read_size => 512)
+hkdf.next_bytes(32)
+ => "\f#\xF4b\x98\x9B\x7Fw>|/|k\xF4k\xB7\xB9\x11e\xC5\x92\xD1\fH\xFDG\x94vt\xB4\x14\xCE"
+```
+
 ## License
 
 The HKDF gem is released under the [MIT license](http://www.opensource.org/licenses/MIT).

data/lib/hkdf.rb

@@ -1,16 +1,21 @@
 require 'openssl'
+require 'stringio'
 
 class HKDF
+  DefaultReadSize = 512 * 1024
+
   def initialize(source, options = {})
-    options = {:algorithm => 'SHA256', :info => '', :salt => nil}.merge(options)
+    options = {:algorithm => 'SHA256', :info => '', :salt => nil, :read_size => nil}.merge(options)
+    source = StringIO.new(source) if source.is_a?(String)
 
     @digest = OpenSSL::Digest.new(options[:algorithm])
     @info = options[:info]
 
     salt = options[:salt]
     salt = 0.chr * @digest.digest_length if salt.nil? or salt.empty?
+    read_size = options[:read_size] || DefaultReadSize
 
-    @prk = OpenSSL::HMAC.digest(@digest, salt, source)
+    @prk = _generate_prk(salt, source, read_size)
     @position = 0
     @blocks = []
     @blocks << ''
@@ -50,6 +55,14 @@ class HKDF
     next_bytes(length).unpack('H*').first
   end
 
+  def _generate_prk(salt, source, read_size)
+    hmac = OpenSSL::HMAC.new(salt, @digest)
+    while block = source.read(read_size)
+      hmac.update(block)
+    end
+    hmac.digest
+  end
+
   def _generate_blocks(length)
     start = @blocks.size
     block_count = (length.to_f / @digest.digest_length).ceil

data/spec/hkdf_spec.rb

@@ -8,6 +8,26 @@ describe HKDF do
   end
 
   describe 'initialize' do
+    it 'accepts an IO or a string as a source' do
+      output1 = HKDF.new(@source).next_bytes(32)
+      output2 = HKDF.new(StringIO.new(@source)).next_bytes(32)
+      output1.should == output2
+    end
+
+    it 'reads in an IO at a given read size' do
+      io = StringIO.new(@source)
+      io.should_receive(:read).with(1)
+
+      HKDF.new(io, :read_size => 1)
+    end
+
+    it 'reads in the whole IO' do
+      hkdf1 = HKDF.new(@source, :read_size => 1)
+      hkdf2 = HKDF.new(@source)
+
+      hkdf1.next_bytes(32).should == hkdf2.next_bytes(32)
+    end
+
     it 'defaults the algorithm to SHA-256' do
       HKDF.new(@source).algorithm.should == 'SHA256'
     end
@@ -46,15 +66,15 @@ describe HKDF do
 
   describe 'next_bytes' do
     it 'raises an error if requested size is > max_length' do
-      expect { @hkdf.next_bytes(@hkdf.max_length + 1) }.should raise_error(RangeError, /requested \d+ bytes, only \d+ available/)
-      expect { @hkdf.next_bytes(@hkdf.max_length) }.should_not raise_error(RangeError, /requested \d+ bytes, only \d+ available/)
+      expect { @hkdf.next_bytes(@hkdf.max_length + 1) }.to raise_error(RangeError, /requested \d+ bytes, only \d+ available/)
+      expect { @hkdf.next_bytes(@hkdf.max_length) }.to_not raise_error(RangeError)
     end
 
     it 'raises an error if requested size + current position is > max_length' do
       expect do
         @hkdf.next_bytes(32)
         @hkdf.next_bytes(@hkdf.max_length - 31)
-      end.should raise_error(RangeError, /requested \d+ bytes, only \d+ available/)
+      end.to raise_error(RangeError, /requested \d+ bytes, only \d+ available/)
     end
 
     it 'advances the stream position' do
@@ -86,8 +106,8 @@ describe HKDF do
     end
 
     it 'raises an error if requested to seek past end of stream' do
-      expect { @hkdf.seek(@hkdf.max_length + 1) }.should raise_error(RangeError, /cannot seek past \d+/)
-      expect { @hkdf.seek(@hkdf.max_length) }.should_not raise_error(RangeError, /cannot seek past \d+/)
+      expect { @hkdf.seek(@hkdf.max_length + 1) }.to raise_error(RangeError, /cannot seek past \d+/)
+      expect { @hkdf.seek(@hkdf.max_length) }.to_not raise_error(RangeError)
     end
   end
 

data/spec/spec_helper.rb

@@ -1,5 +1,10 @@
 require 'hkdf'
 
+RSpec.configure do |config|
+  config.treat_symbols_as_metadata_keys_with_true_values = true
+  config.order = 'random'
+end
+
 def test_vectors
   test_lines = File.readlines('spec/test_vectors.txt').map(&:strip).reject(&:empty?)
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: hkdf
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.2.0
   prerelease: 
 platform: ruby
 authors:
@@ -9,11 +9,11 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-04-14 00:00:00.000000000 Z
+date: 2012-09-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rspec
-  requirement: &70196819801820 !ruby/object:Gem::Requirement
+  requirement: !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -21,7 +21,12 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70196819801820
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 description: ! 'A ruby implementation of RFC5869: HMAC-based Extract-and-Expand Key
   Derivation Function (HKDF). The goal of HKDF is to take some source key material
   and generate suitable cryptographic keys from it.'
@@ -56,7 +61,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 1.8.17
+rubygems_version: 1.8.23
 signing_key: 
 specification_version: 3
 summary: HMAC-based Key Derivation Function