ffi-hydrogen 0.1.0

data/lib/ffi/hydrogen.rb

@@ -0,0 +1,216 @@
+require "ffi"
+
+module FFI
+  module Hydrogen
+    extend FFI::Library
+
+    # define hydro_secretbox_KEYBYTES 32
+    # define hydro_secretbox_HEADERBYTES (20 + 16)
+    KEYBYTES = 32
+    HEADERBYTES = 36
+
+    ffi_lib "vendor/main.#{::FFI::Platform::LIBSUFFIX}"
+
+    # void hydro_secretbox_keygen(uint8_t key[hydro_secretbox_KEYBYTES])
+    attach_function :_hydro_secretbox_keygen, :hydro_secretbox_keygen, [:pointer], :void
+
+    # int hydro_secretbox_encrypt(uint8_t *c, const void *m_, size_t mlen, uint64_t msg_id,
+    #                             const char    ctx[hydro_secretbox_CONTEXTBYTES],
+    #                             const uint8_t key[hydro_secretbox_KEYBYTES])
+    attach_function :_hydro_secretbox_encrypt, :hydro_secretbox_encrypt, [:pointer, :pointer, :size_t, :uint64, :pointer, :pointer], :int32
+
+    # int hydro_secretbox_decrypt(void *m_, const uint8_t *c, size_t clen, uint64_t msg_id,
+    #                             const char    ctx[hydro_secretbox_CONTEXTBYTES],
+    #                             const uint8_t key[hydro_secretbox_KEYBYTES])
+    attach_function :_hydro_secretbox_decrypt, :hydro_secretbox_decrypt, [:pointer, :pointer, :size_t, :uint64, :pointer, :pointer], :int32
+
+    # size_t modp_b64_encode(char* dest, const char* str, size_t len)
+    attach_function :_modp_b64_encode, :modp_b64_encode, [:pointer, :pointer, :size_t], :size_t
+
+    # size_t modp_b64_decode(char* dest, const char* src, size_t len)
+    attach_function :_modp_b64_decode, :modp_b64_decode, [:pointer, :pointer, :size_t], :size_t
+
+    # size_t encrypt_encode(char* dest, const char* message, size_t message_len,
+    #                       uint64_t message_id,
+    #                       const char context[hydro_secretbox_CONTEXTBYTES],
+    #                       const uint8_t key[hydro_secretbox_KEYBYTES])
+    attach_function :_encrypt_encode, :encrypt_encode, [:pointer, :pointer, :size_t, :uint64, :pointer, :pointer], :size_t
+
+    # size_t decode_decrypt(char* dest, const void* message, size_t message_len,
+    #                       uint64_t message_id,
+    #                       const char context[hydro_secretbox_CONTEXTBYTES],
+    #                       const uint8_t key[hydro_secretbox_KEYBYTES])
+    attach_function :_decode_decrypt, :decode_decrypt, [:pointer, :pointer, :size_t, :uint64, :pointer, :pointer], :size_t
+
+    def self.encrypt_encode(text, context, key, message_id = 0)
+      result = nil
+      text_len = text.bytesize
+      max_len = modp_b64_encode_len(text_len + HEADERBYTES)
+
+      create_key(key) do |key_ptr|
+        create_context(context) do |context_ptr|
+          create_string_and_buffer(text, max_len) do |text_ptr, buff_ptr|
+            size = _encrypt_encode(buff_ptr, text_ptr, text_len, message_id, context_ptr, key_ptr)
+            result = buff_ptr.get_bytes(0, size)
+          end
+        end
+      end
+
+      result
+    end
+
+    def self.decode_decrypt(text, context, key, message_id = 0)
+      result = nil
+      text_len = text.bytesize
+      max_len = modp_b64_decode_len(text_len)
+
+      create_key(key) do |key_ptr|
+        create_context(context) do |context_ptr|
+          create_string_and_buffer(text, max_len) do |text_ptr, buff_ptr|
+            size = _decode_decrypt(buff_ptr, text_ptr, text_len, message_id, context_ptr, key_ptr)
+            result = buff_ptr.get_bytes(0, size)
+          end
+        end
+      end
+
+      result
+    end
+
+    def self.modp_b64_encode(text)
+      encoded = nil
+      text_len = text.bytesize
+      buff_len = modp_b64_encode_len(text_len)
+
+      create_string_and_buffer(text, buff_len) do |text_ptr, buff_ptr|
+        size = ::FFI::Hydrogen._modp_b64_encode(buff_ptr, text_ptr, text_len)
+        encoded = buff_ptr.get_bytes(0, size)
+      end
+
+      encoded
+    end
+
+    def self.modp_b64_decode(text)
+      decoded = nil
+      text_len = text.bytesize
+      buff_len = modp_b64_decode_len(text_len)
+
+      create_string_and_buffer(text, buff_len) do |text_ptr, buff_ptr|
+        size = ::FFI::Hydrogen._modp_b64_decode(buff_ptr, text_ptr, text_len)
+        decoded = buff_ptr.get_bytes(0, size)
+      end
+
+      decoded
+    end
+
+    def self.modp_b64_encode_len(len)
+      ((len + 2) / 3 * 4 + 1)
+    end
+
+    def self.modp_b64_decode_len(len)
+      (len / 4 * 3 + 2)
+    end
+
+    def self.hydro_secretbox_keygen
+      key = nil
+
+      ::FFI::MemoryPointer.new(:char, KEYBYTES) do |buff|
+        ::FFI::Hydrogen._hydro_secretbox_keygen(buff)
+        key = buff.get_bytes(0, KEYBYTES)
+      end
+
+      key
+    end
+
+    def self.hydro_secretbox_encrypt(text, context, key, message_id = 0)
+      encrypted = nil
+      cipher_len = HEADERBYTES + text.bytesize
+
+      ::FFI::MemoryPointer.new(:uint8, cipher_len) do |cipher_ptr|
+        ::FFI::MemoryPointer.new(:char, text.bytesize) do |text_ptr|
+          text_ptr.put_bytes(0, text)
+
+          create_context(context) do |context_ptr|
+            create_key(key) do |key_ptr|
+              ::FFI::Hydrogen._hydro_secretbox_encrypt(cipher_ptr, text_ptr, text.bytesize, message_id, context_ptr, key_ptr)
+              encrypted = cipher_ptr.get_bytes(0, cipher_len)
+            end
+          end
+        end
+      end
+
+      encrypted
+    end
+
+    def self.hydro_secretbox_decrypt(cipher_text, context, key, message_id = 0)
+      encrypted = nil
+      cipher_len = cipher_text.bytesize - HEADERBYTES
+
+      ::FFI::MemoryPointer.new(:char, cipher_len) do |text_ptr|
+        ::FFI::MemoryPointer.new(:uint8, cipher_text.bytesize) do |cipher_ptr|
+          cipher_ptr.put_bytes(0, cipher_text)
+
+          create_context(context) do |context_ptr|
+            create_key(key) do |key_ptr|
+              ::FFI::Hydrogen._hydro_secretbox_decrypt(text_ptr, cipher_ptr, cipher_text.bytesize, message_id, context_ptr, key_ptr)
+              encrypted = text_ptr.get_bytes(0, cipher_len)
+            end
+          end
+        end
+      end
+
+      encrypted
+    end
+
+    def self.create_context(context)
+      return yield(context) if context.is_a?(::FFI::MemoryPointer)
+
+      ::FFI::MemoryPointer.new(:char, context.bytesize) do |context_ptr|
+        context_ptr.put_bytes(0, context)
+        yield(context_ptr)
+      end
+    end
+
+    def self.create_key(key)
+      return yield(key) if key.is_a?(::FFI::MemoryPointer)
+
+      ::FFI::MemoryPointer.new(:uint8, key.bytesize) do |key_ptr|
+        key_ptr.put_bytes(0, key)
+        yield(key_ptr)
+      end
+    end
+
+    def self.create_string_and_buffer(text, buff_size)
+      ::FFI::MemoryPointer.new(:char, buff_size) do |buff_ptr|
+        ::FFI::MemoryPointer.new(:char, text.bytesize) do |text_ptr|
+          text_ptr.put_bytes(0, text)
+          yield(text_ptr, buff_ptr)
+        end
+      end
+    end
+
+    class Secretbox
+      def initialize(context, key)
+        @context_ptr = ::FFI::MemoryPointer.new(:char, context.bytesize)
+        @context_ptr.put_bytes(0, context)
+        @key_ptr = ::FFI::MemoryPointer.new(:uint8, key.bytesize)
+        @key_ptr.put_bytes(0, key)
+      end
+
+      def encrypt(text, message_id = 0)
+        ::FFI::Hydrogen.hydro_secretbox_encrypt(text, @context_ptr, @key_ptr, message_id)
+      end
+
+      def decrypt(text, message_id = 0)
+        ::FFI::Hydrogen.hydro_secretbox_decrypt(text, @context_ptr, @key_ptr, message_id)
+      end
+
+      def encrypt_encode(text, message_id = 0)
+        ::FFI::Hydrogen.encrypt_encode(text, @context_ptr, @key_ptr, message_id)
+      end
+
+      def decode_decrypt(text, message_id = 0)
+        ::FFI::Hydrogen.decode_decrypt(text, @context_ptr, @key_ptr, message_id)
+      end
+    end
+  end
+end

data/vendor/.clang-format

@@ -0,0 +1,2 @@
+ReflowComments: false
+BasedOnStyle: Google

data/vendor/.gitignore

@@ -0,0 +1,3 @@
+main
+main.o
+main.dylib

data/vendor/README.md

@@ -0,0 +1,2 @@
+- `libhydrogen` was downloaded from https://github.com/jedisct1/libhydrogen at this sha: 39eb529905.
+- `stringencoders` was downloaded from https://github.com/client9/stringencoders at this sha: e1448a9415.

data/vendor/libhydrogen/.clang-format

@@ -0,0 +1,95 @@
+---
+Language:        Cpp
+AccessModifierOffset: -4
+AlignAfterOpenBracket: Align
+AlignConsecutiveAssignments: true
+AlignConsecutiveDeclarations: true
+AlignEscapedNewlinesLeft: true
+AlignOperands:   true
+AlignTrailingComments: true
+AllowAllParametersOfDeclarationOnNextLine: true
+AllowShortBlocksOnASingleLine: false
+AllowShortCaseLabelsOnASingleLine: false
+AllowShortFunctionsOnASingleLine: Inline
+AllowShortIfStatementsOnASingleLine: false
+AllowShortLoopsOnASingleLine: false
+AlwaysBreakAfterDefinitionReturnType: None
+AlwaysBreakAfterReturnType: TopLevelDefinitions
+AlwaysBreakBeforeMultilineStrings: true
+AlwaysBreakTemplateDeclarations: true
+BinPackArguments: true
+BinPackParameters: true
+BraceWrapping:   
+  AfterClass:      false
+  AfterControlStatement: false
+  AfterEnum:       false
+  AfterFunction:   true
+  AfterNamespace:  false
+  AfterObjCDeclaration: false
+  AfterStruct:     false
+  AfterUnion:      false
+  BeforeCatch:     false
+  BeforeElse:      false
+  IndentBraces:    false
+BreakBeforeBinaryOperators: None
+BreakBeforeBraces: WebKit
+BreakBeforeTernaryOperators: true
+BreakConstructorInitializersBeforeComma: true
+BreakAfterJavaFieldAnnotations: false
+BreakStringLiterals: true
+ColumnLimit:     100
+CommentPragmas:  '^ IWYU pragma:'
+ConstructorInitializerAllOnOneLineOrOnePerLine: false
+ConstructorInitializerIndentWidth: 4
+ContinuationIndentWidth: 4
+Cpp11BracedListStyle: false
+DerivePointerAlignment: true
+DisableFormat:   false
+ExperimentalAutoDetectBinPacking: false
+ForEachMacros:   [ foreach, Q_FOREACH, BOOST_FOREACH ]
+IncludeCategories: 
+  - Regex:           '^"(llvm|llvm-c|clang|clang-c)/'
+    Priority:        2
+  - Regex:           '^(<|"(gtest|isl|json)/)'
+    Priority:        3
+  - Regex:           '.*'
+    Priority:        1
+IncludeIsMainRegex: '$'
+IndentCaseLabels: false
+IndentWidth:     4
+IndentWrappedFunctionNames: false
+JavaScriptQuotes: Leave
+JavaScriptWrapImports: true
+KeepEmptyLinesAtTheStartOfBlocks: false
+MacroBlockBegin: ''
+MacroBlockEnd:   ''
+MaxEmptyLinesToKeep: 1
+NamespaceIndentation: Inner
+ObjCBlockIndentWidth: 4
+ObjCSpaceAfterProperty: true
+ObjCSpaceBeforeProtocolList: true
+PenaltyBreakBeforeFirstCallParameter: 19
+PenaltyBreakComment: 300
+PenaltyBreakFirstLessLess: 120
+PenaltyBreakString: 1000
+PenaltyExcessCharacter: 1000000
+PenaltyReturnTypeOnItsOwnLine: 60
+PointerAlignment: Right
+ReflowComments:  true
+SortIncludes:    true
+SpaceAfterCStyleCast: true
+SpaceAfterTemplateKeyword: true
+SpaceBeforeAssignmentOperators: true
+SpaceBeforeParens: ControlStatements
+SpaceInEmptyParentheses: false
+SpacesBeforeTrailingComments: 1
+SpacesInAngles:  false
+SpacesInContainerLiterals: true
+SpacesInCStyleCastParentheses: false
+SpacesInParentheses: false
+SpacesInSquareBrackets: false
+Standard:        Cpp11
+TabWidth:        8
+UseTab:          Never
+...
+

data/vendor/libhydrogen/.gitignore

@@ -0,0 +1,32 @@
+*.bc
+*.cmake
+*.dSYM
+*.done
+*.final
+*.gcda
+*.gcno
+*.i
+*.la
+*.lo
+*.log
+*.mem
+*.nexe
+*.o
+*.plist
+*.scan
+*.sdf
+*.status
+*.su
+*.tar.*
+*~
+.DS_Store
+.deps
+.dirstamp
+.done
+.libs
+build.options.json
+coverage.info
+depcomp
+hydrogen-crypto.zip
+libhydrogen.a
+tests/tests

data/vendor/libhydrogen/.travis.yml

@@ -0,0 +1,22 @@
+sudo: false
+
+language: c
+
+os:
+ - linux
+
+compiler:
+ - clang
+ - gcc
+ - g++
+
+addons:
+  apt:
+    packages:
+      - p7zip-full
+
+script:
+ - make
+ - make test
+ - make clean
+ - make -f Makefile.arduino package

data/vendor/libhydrogen/LICENSE

@@ -0,0 +1,18 @@
+/*
+ * ISC License
+ *
+ * Copyright (c) 2017-2018
+ * Frank Denis <j at pureftpd dot org>
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */

data/vendor/libhydrogen/Makefile

@@ -0,0 +1,61 @@
+PREFIX ?= /usr/local
+WFLAGS ?= -Wall -Wextra -Wmissing-prototypes -Wdiv-by-zero -Wbad-function-cast -Wcast-align -Wcast-qual -Wfloat-equal -Wmissing-declarations -Wnested-externs -Wno-unknown-pragmas -Wpointer-arith -Wredundant-decls -Wstrict-prototypes -Wswitch-enum -Wno-type-limits
+CFLAGS ?= -Os -march=native -fno-exceptions $(WFLAGS)
+CFLAGS += -I.
+OBJ = hydrogen.o
+AR ?= ar
+RANLIB ?= ranlib
+
+SRC = \
+	hydrogen.c \
+	hydrogen.h \
+	impl/common.h \
+	impl/core.h \
+	impl/gimli-core.h \
+	impl/hash.h \
+	impl/hydrogen_p.h \
+	impl/kdf.h \
+	impl/kx.h \
+	impl/pwhash.h \
+	impl/random.h \
+	impl/secretbox.h \
+	impl/sign.h \
+	impl/x25519.h
+
+all: lib test
+
+lib: libhydrogen.a
+
+install: lib
+	mkdir -p $(PREFIX)/lib
+	install -o 0 -g 0 -m 0755 libhydrogen.a $(PREFIX)/lib 2> /dev/null || install -m 0755 libhydrogen.a $(PREFIX)/lib
+	mkdir -p $(PREFIX)/include
+	install -o 0 -g 0 -m 0644 hydrogen.h $(PREFIX)/include 2> /dev/null || install -m 0644 hydrogen.h $(PREFIX)/include
+	ldconfig 2> /dev/null || true
+
+uninstall:
+	rm -f $(PREFIX)/lib/libhydrogen.a
+	rm -f $(PREFIX)/include/hydrogen.h
+
+test: tests/tests
+	rm -f tests/tests.done
+	tests/tests && touch tests/tests.done
+
+tests/tests: $(SRC) tests/tests.c
+	$(CC) $(CFLAGS) -O3 -o tests/tests hydrogen.c tests/tests.c
+
+$(OBJ): $(SRC)
+
+libhydrogen.a: $(OBJ)
+	$(AR) -r $@ $^
+	$(RANLIB) $@
+
+.PHONY: clean
+
+clean:
+	rm -f libhydrogen.a $(OBJ)
+	rm -f tests/tests tests/*.done
+
+check: test
+
+distclean: clean

data/vendor/libhydrogen/Makefile.arduino

@@ -0,0 +1,51 @@
+TARGET_DEVICE ?= atmega328p
+HWTYPE ?= HYDRO_TARGET_DEVICE_ATMEGA328
+ARDUINO_HOME ?= /Applications/Arduino.app/Contents/Java
+ARDUINO_TOOLS ?= $(ARDUINO_HOME)/hardware/tools/avr/bin
+AR = $(ARDUINO_TOOLS)/avr-gcc-ar
+CC = $(ARDUINO_TOOLS)/avr-gcc
+RANLIB = $(ARDUINO_TOOLS)/avr-gcc-ranlib
+WFLAGS ?= -Wall -Wextra -Wmissing-prototypes -Wdiv-by-zero -Wbad-function-cast -Wcast-align -Wcast-qual -Wfloat-equal -Wmissing-declarations -Wnested-externs -Wno-unknown-pragmas -Wpointer-arith -Wredundant-decls -Wstrict-prototypes -Wswitch-enum -Wno-type-limits
+CFLAGS ?= -mmcu=$(TARGET_DEVICE) -Os -mcall-prologues -fno-exceptions -ffunction-sections -fdata-sections -flto $(WFLAGS)
+CFLAGS += -I. -I$(ARDUINO_HOME)/hardware/arduino/avr/cores/arduino -I$(ARDUINO_HOME)/hardware/arduino/avr/variants/standard
+CFLAGS += -DHYDRO_HWTYPE=$(HYDRO_HWTYPE)
+OBJ = hydrogen.o
+ARDUINO_PACKAGE ?= hydrogen-crypto.zip
+SRC = \
+	hydrogen.c \
+	hydrogen.h \
+	impl/common.h \
+	impl/core.h \
+	impl/gimli-core.h \
+	impl/hash.h \
+	impl/hydrogen_p.h \
+	impl/kdf.h \
+	impl/kx.h \
+	impl/pwhash.h \
+	impl/random.h \
+	impl/secretbox.h \
+	impl/sign.h \
+	impl/x25519.h \
+	impl/gimli-core/portable.h
+
+all: lib package
+
+package: $(ARDUINO_PACKAGE)
+
+$(ARDUINO_PACKAGE):
+	7z a -tzip -mx=9 -r $(ARDUINO_PACKAGE) $(SRC) library.properties
+
+lib: libhydrogen.a
+
+$(OBJ): $(SRC)
+
+libhydrogen.a: $(OBJ)
+	$(AR) -ar cr $@ $^
+	$(RANLIB) $@
+
+.PHONY: clean
+
+clean:
+	rm -f libhydrogen.a $(OBJ)
+	rm -f tests/tests
+	rm -f $(ARDUINO_PACKAGE)

data/vendor/libhydrogen/README.md

@@ -0,0 +1,29 @@
+[![Build Status](https://travis-ci.org/jedisct1/libhydrogen.svg?branch=master)](https://travis-ci.org/jedisct1/libhydrogen?branch=master)
+[![Coverity Scan Build Status](https://scan.coverity.com/projects/13315/badge.svg)](https://scan.coverity.com/projects/13315)
+
+![libhydrogen](https://raw.github.com/jedisct1/libhydrogen/master/logo.png)
+==============
+
+The Hydrogen library is a small, easy-to-use, hard-to-misuse cryptographic library.
+
+Features:
+- Consistent high-level API, inspired by libsodium. Instead of low-level primitives, it exposes simple functions to solve common problems that cryptography can solve.
+- 100% built using just two cryptographic building blocks: the [Curve25519](https://cr.yp.to/ecdh.html) elliptic curve, and the [Gimli](https://gimli.cr.yp.to/) permutation.
+- Small and easy to audit. Implemented as one tiny file for every set of operation, and adding a single `.c` file to your project is all it takes to use libhydrogen in your project.
+- The whole code is released under a single, very liberal license (ISC).
+- Zero dynamic memory allocations and low stack requirements (median: 32 bytes, max: 128 bytes). This makes it usable in constrained environments such as microcontrollers.
+- Portable: written in standard C99. Supports Linux, *BSD, MacOS, Windows, and the Arduino IDE out of the box.
+- Can generate cryptographically-secure random numbers, even on Arduino boards.
+- Attempts to mitigate the implications of accidental misuse, even on systems with an unreliable PRG and/or no clock.
+
+Non-goals:
+- Having multiple primitives serving the same purpose, even to provide compatibility with other libraries.
+- Networking -- but a simple key exchange API based on the Noise protocol is available, and a STROBE-based transport API will be implemented.
+- Interoperability with other libraries.
+- Replacing libsodium. Libhydrogen tries to keep the number of APIs and the code size down to a minimum.
+
+# [Libhydrogen documentation](https://github.com/jedisct1/libhydrogen/wiki)
+
+The documentation is maintained in the [libhydrogen wiki](https://github.com/jedisct1/libhydrogen/wiki).
+
+The legacy libhydrogen code (leveraging XChaCha20, SipHashX, BLAKE2SX, Curve25519) remains available in the [v0 branch](https://github.com/jedisct1/libhydrogen/tree/v0).

data/vendor/libhydrogen/hydrogen.c

@@ -0,0 +1,18 @@
+#include "hydrogen.h"
+
+#include "impl/common.h"
+#include "impl/hydrogen_p.h"
+
+#include "impl/core.h"
+#include "impl/gimli-core.h"
+#include "impl/random.h"
+
+#include "impl/hash.h"
+#include "impl/kdf.h"
+#include "impl/secretbox.h"
+
+#include "impl/x25519.h"
+
+#include "impl/kx.h"
+#include "impl/pwhash.h"
+#include "impl/sign.h"