Summary
Refactor seeded keypair path to use static SHA256.HashData APIs rather than per-call SHA256.Create()/Dispose().
Why
Static hashing APIs reduce allocations and simplify the hot-path seeded key generation code.
Proposed change
- Replace disposable SHA256 instance creation in
New-SodiumKeyPair -Seed with SHA256.HashData.
- Preserve deterministic seed->keypair behavior exactly.
- Keep sensitive data clearing behavior for intermediate buffers.
Acceptance criteria
- Deterministic seeded output remains unchanged for same input seed.
- Existing tests pass.
- Seeded keypair benchmark shows reduced overhead or no regression.
- Code path has fewer transient allocations.
Summary
Refactor seeded keypair path to use static
SHA256.HashDataAPIs rather than per-callSHA256.Create()/Dispose().Why
Static hashing APIs reduce allocations and simplify the hot-path seeded key generation code.
Proposed change
New-SodiumKeyPair -SeedwithSHA256.HashData.Acceptance criteria