ffi-libsodium 0.0.9 → 0.1.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +1 -1
- data/lib/crypto/aead/chacha20_poly1305.rb +3 -4
- data/lib/crypto/auth.rb +3 -4
- data/lib/crypto/box.rb +13 -7
- data/lib/crypto/generic_hash.rb +6 -9
- data/lib/crypto/one_time_auth.rb +5 -8
- data/lib/crypto/pw_hash/scrypt_salsa208_sha256.rb +8 -13
- data/lib/crypto/scalar_mult.rb +2 -1
- data/lib/crypto/secret_box.rb +5 -5
- data/lib/crypto/short_hash.rb +2 -2
- data/lib/crypto/sign.rb +13 -6
- data/lib/crypto/sign/ed25519.rb +2 -1
- data/lib/random_bytes.rb +1 -1
- data/lib/sodium.rb +5 -5
- data/lib/sodium/buffer.rb +2 -0
- data/lib/sodium/secret_buffer.rb +15 -18
- data/lib/sodium/utils.rb +3 -3
- data/lib/sodium/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: ead53faf6d5782f67d70043e224ded1177881f6d
|
|
4
|
+
data.tar.gz: 51467dd63043a45e209597485caf46994c3ce04e
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 31b2073dbb29f12e2c45ca3a0579888c4062e17d8e24a553a3d00ac4715b0d783f45be3216cc125e11c5b08718345689cb0e00ce90531462537cdabceeaf90c4
|
|
7
|
+
data.tar.gz: 1f3b6439bfd1586bb03433b63228cae955f9f4919d54ccce2542c2c8719c21b372569577ca473f0f809bb7f029dee41b8bed08e51442f5db04407c834b39a3a4
|
data/README.md
CHANGED
|
@@ -14,7 +14,7 @@ require 'libsodium'
|
|
|
14
14
|
password = 'test123'
|
|
15
15
|
|
|
16
16
|
salt = Crypto::PwHash::ScryptSalsa208SHA256.salt
|
|
17
|
-
key = Crypto::PwHash.scryptsalsa208sha256(
|
|
17
|
+
key = Crypto::PwHash.scryptsalsa208sha256(Crypto::Auth::KEYBYTES, password, salt)
|
|
18
18
|
mac = Crypto.auth(password, key)
|
|
19
19
|
|
|
20
20
|
puts Crypto::Auth.verify(mac, password, key)
|
|
@@ -42,13 +42,13 @@ module Crypto
|
|
|
42
42
|
|
|
43
43
|
def encrypt(message, additional_data, nonce, key)
|
|
44
44
|
message_len = get_size(message)
|
|
45
|
-
additional_data_len = get_size(additional_data)
|
|
46
45
|
check_length(nonce, NPUBBYTES, :Nonce)
|
|
47
46
|
check_length(key, KEYBYTES, :SecretKey)
|
|
48
47
|
|
|
49
48
|
ciphertext = Sodium::Buffer.new(:uchar, message_len + ABYTES)
|
|
49
|
+
ciphertext.primitive = PRIMITIVE
|
|
50
50
|
key.readonly if key.is_a?(Sodium::SecretBuffer)
|
|
51
|
-
crypto_aead_chacha20poly1305_encrypt(ciphertext, nil, message, message_len, additional_data,
|
|
51
|
+
crypto_aead_chacha20poly1305_encrypt(ciphertext, nil, message, message_len, additional_data, get_size(additional_data), nil, nonce, key)
|
|
52
52
|
|
|
53
53
|
ciphertext
|
|
54
54
|
ensure
|
|
@@ -59,13 +59,12 @@ module Crypto
|
|
|
59
59
|
unless ((ciphertext_len = get_size(ciphertext)) - ABYTES) > 0
|
|
60
60
|
fail Sodium::LengthError, "Ciphertext is too short", caller
|
|
61
61
|
end
|
|
62
|
-
additional_data_len = get_size(additional_data)
|
|
63
62
|
check_length(nonce, NPUBBYTES, :Nonce)
|
|
64
63
|
check_length(key, KEYBYTES, :SecretKey)
|
|
65
64
|
|
|
66
65
|
decrypted = Sodium::Buffer.new(:uchar, ciphertext_len - ABYTES)
|
|
67
66
|
key.readonly if key.is_a?(Sodium::SecretBuffer)
|
|
68
|
-
|
|
67
|
+
unless crypto_aead_chacha20poly1305_decrypt(decrypted, nil, nil, ciphertext, ciphertext_len, additional_data, get_size(additional_data), nonce, key).zero?
|
|
69
68
|
raise Sodium::CryptoError, "Message forged", caller
|
|
70
69
|
end
|
|
71
70
|
|
data/lib/crypto/auth.rb
CHANGED
|
@@ -24,12 +24,12 @@ module Crypto
|
|
|
24
24
|
module_function
|
|
25
25
|
|
|
26
26
|
def auth(message, key)
|
|
27
|
-
message_len = get_size(message)
|
|
28
27
|
check_length(key, KEYBYTES, :SecretKey)
|
|
29
28
|
|
|
30
29
|
mac = Sodium::Buffer.new(:uchar, BYTES)
|
|
30
|
+
mac.primitive = PRIMITIVE
|
|
31
31
|
key.readonly if key.is_a?(Sodium::SecretBuffer)
|
|
32
|
-
crypto_auth(mac, message,
|
|
32
|
+
crypto_auth(mac, message, get_size(message), key)
|
|
33
33
|
|
|
34
34
|
mac
|
|
35
35
|
ensure
|
|
@@ -38,11 +38,10 @@ module Crypto
|
|
|
38
38
|
|
|
39
39
|
def verify(mac, message, key)
|
|
40
40
|
check_length(mac, BYTES, :Mac)
|
|
41
|
-
message_len = get_size(message)
|
|
42
41
|
check_length(key, KEYBYTES, :SecretKey)
|
|
43
42
|
|
|
44
43
|
key.readonly if key.is_a?(Sodium::SecretBuffer)
|
|
45
|
-
crypto_auth_verify(mac, message,
|
|
44
|
+
crypto_auth_verify(mac, message, get_size(message), key).zero?
|
|
46
45
|
ensure
|
|
47
46
|
key.noaccess if key.is_a?(Sodium::SecretBuffer)
|
|
48
47
|
end
|
data/lib/crypto/box.rb
CHANGED
|
@@ -45,7 +45,9 @@ module Crypto
|
|
|
45
45
|
|
|
46
46
|
def keypair
|
|
47
47
|
public_key = Sodium::Buffer.new(:uchar, PUBLICKEYBYTES)
|
|
48
|
+
public_key.primitive = PRIMITIVE
|
|
48
49
|
secret_key = Sodium::Buffer.new(:uchar, SECRETKEYBYTES)
|
|
50
|
+
secret_key.primitive = PRIMITIVE
|
|
49
51
|
crypto_box_keypair(public_key, secret_key)
|
|
50
52
|
|
|
51
53
|
[public_key, secret_key]
|
|
@@ -55,7 +57,9 @@ module Crypto
|
|
|
55
57
|
check_length(seed, SEEDBYTES, :Seed)
|
|
56
58
|
|
|
57
59
|
public_key = Sodium::Buffer.new(:uchar, PUBLICKEYBYTES)
|
|
60
|
+
public_key.primitive = PRIMITIVE
|
|
58
61
|
secret_key = Sodium::Buffer.new(:uchar, SECRETKEYBYTES)
|
|
62
|
+
secret_key.primitive = PRIMITIVE
|
|
59
63
|
seed.readonly if seed.is_a?(Sodium::SecretBuffer)
|
|
60
64
|
crypto_box_seed_keypair(public_key, secret_key, seed)
|
|
61
65
|
|
|
@@ -66,7 +70,8 @@ module Crypto
|
|
|
66
70
|
|
|
67
71
|
def memory_locked_keypair
|
|
68
72
|
public_key = Sodium::Buffer.new(:uchar, PUBLICKEYBYTES)
|
|
69
|
-
|
|
73
|
+
public_key.primitive = PRIMITIVE
|
|
74
|
+
secret_key = Sodium::SecretBuffer.new(SECRETKEYBYTES, PRIMITIVE)
|
|
70
75
|
crypto_box_keypair(public_key, secret_key)
|
|
71
76
|
secret_key.noaccess
|
|
72
77
|
|
|
@@ -77,7 +82,8 @@ module Crypto
|
|
|
77
82
|
check_length(seed, SEEDBYTES, :Seed)
|
|
78
83
|
|
|
79
84
|
public_key = Sodium::Buffer.new(:uchar, PUBLICKEYBYTES)
|
|
80
|
-
|
|
85
|
+
public_key.primitive = PRIMITIVE
|
|
86
|
+
secret_key = Sodium::SecretBuffer.new(SECRETKEYBYTES, PRIMITIVE)
|
|
81
87
|
seed.readonly if seed.is_a?(Sodium::SecretBuffer)
|
|
82
88
|
crypto_box_seed_keypair(public_key, secret_key, seed)
|
|
83
89
|
secret_key.noaccess
|
|
@@ -94,6 +100,7 @@ module Crypto
|
|
|
94
100
|
check_length(secret_key, SECRETKEYBYTES, :SecretKey)
|
|
95
101
|
|
|
96
102
|
ciphertext = Sodium::Buffer.new(:uchar, message_len + MACBYTES)
|
|
103
|
+
ciphertext.primitive = PRIMITIVE
|
|
97
104
|
secret_key.readonly if secret_key.is_a?(Sodium::SecretBuffer)
|
|
98
105
|
crypto_box_easy(ciphertext, message, message_len, nonce, public_key, secret_key)
|
|
99
106
|
|
|
@@ -110,7 +117,7 @@ module Crypto
|
|
|
110
117
|
|
|
111
118
|
decrypted = Sodium::Buffer.new(:uchar, ciphertext_len - MACBYTES)
|
|
112
119
|
secret_key.readonly if secret_key.is_a?(Sodium::SecretBuffer)
|
|
113
|
-
|
|
120
|
+
unless crypto_box_open_easy(decrypted, ciphertext, ciphertext_len, nonce, public_key, secret_key).zero?
|
|
114
121
|
raise Sodium::CryptoError, "Message forged", caller
|
|
115
122
|
end
|
|
116
123
|
|
|
@@ -125,10 +132,9 @@ module Crypto
|
|
|
125
132
|
check_length(public_key, PUBLICKEYBYTES, :PublicKey)
|
|
126
133
|
check_length(secret_key, SECRETKEYBYTES, :SecretKey)
|
|
127
134
|
|
|
128
|
-
message_len = message.bytesize
|
|
129
135
|
message << zeros(MACBYTES)
|
|
130
136
|
secret_key.readonly if secret_key.is_a?(Sodium::SecretBuffer)
|
|
131
|
-
crypto_box_easy(message, message,
|
|
137
|
+
crypto_box_easy(message, message, get_size(message), nonce, public_key, secret_key)
|
|
132
138
|
|
|
133
139
|
message
|
|
134
140
|
ensure
|
|
@@ -137,7 +143,7 @@ module Crypto
|
|
|
137
143
|
|
|
138
144
|
def open_easy_in_place(data, nonce, public_key, secret_key, utf8 = false)
|
|
139
145
|
ciphertext = get_string(data)
|
|
140
|
-
unless (message_len = ciphertext
|
|
146
|
+
unless (message_len = get_size(ciphertext) - MACBYTES) > 0
|
|
141
147
|
fail Sodium::LengthError, "Ciphertext is too short", caller
|
|
142
148
|
end
|
|
143
149
|
|
|
@@ -146,7 +152,7 @@ module Crypto
|
|
|
146
152
|
check_length(secret_key, SECRETKEYBYTES, :SecretKey)
|
|
147
153
|
|
|
148
154
|
secret_key.readonly if secret_key.is_a?(Sodium::SecretBuffer)
|
|
149
|
-
|
|
155
|
+
unless crypto_box_open_easy(ciphertext, ciphertext, ciphertext.bytesize, nonce, public_key, secret_key).zero?
|
|
150
156
|
raise Sodium::CryptoError, "Message forged", caller
|
|
151
157
|
end
|
|
152
158
|
|
data/lib/crypto/generic_hash.rb
CHANGED
|
@@ -46,7 +46,6 @@ module Crypto
|
|
|
46
46
|
module_function
|
|
47
47
|
|
|
48
48
|
def generichash(message, hash_size = BYTES, key = nil)
|
|
49
|
-
message_len = get_size(message)
|
|
50
49
|
if hash_size > BYTES_MAX ||hash_size < BYTES_MIN
|
|
51
50
|
fail Sodium::LengthError, "Hash size must be between #{BYTES_MIN} and #{BYTES_MAX} bytes, got size=#{hash_size.to_int} bytes", caller
|
|
52
51
|
end
|
|
@@ -62,8 +61,9 @@ module Crypto
|
|
|
62
61
|
end
|
|
63
62
|
|
|
64
63
|
blake2b = Sodium::Buffer.new(:uchar, hash_size)
|
|
64
|
+
blake2b.primitive = PRIMITIVE
|
|
65
65
|
key.readonly if key.is_a?(Sodium::SecretBuffer)
|
|
66
|
-
|
|
66
|
+
unless crypto_generichash(blake2b, hash_size, message, get_size(message), key, key_len).zero?
|
|
67
67
|
raise Sodium::CryptoError
|
|
68
68
|
end
|
|
69
69
|
|
|
@@ -89,9 +89,10 @@ module Crypto
|
|
|
89
89
|
|
|
90
90
|
state = State.new
|
|
91
91
|
blake2b = Sodium::Buffer.new(:uchar, hash_size)
|
|
92
|
+
blake2b.primitive = PRIMITIVE
|
|
92
93
|
key.readonly if key.is_a?(Sodium::SecretBuffer)
|
|
93
94
|
|
|
94
|
-
|
|
95
|
+
unless crypto_generichash_init(state, key, key_len, hash_size).zero?
|
|
95
96
|
raise Sodium::CryptoError
|
|
96
97
|
end
|
|
97
98
|
|
|
@@ -101,17 +102,13 @@ module Crypto
|
|
|
101
102
|
end
|
|
102
103
|
|
|
103
104
|
def update(state, message)
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
if crypto_generichash_update(state, message, message_len) == -1
|
|
105
|
+
unless crypto_generichash_update(state, message, get_size(message)).zero?
|
|
107
106
|
raise Sodium::CryptoError
|
|
108
107
|
end
|
|
109
108
|
end
|
|
110
109
|
|
|
111
110
|
def final(state, blake2b)
|
|
112
|
-
|
|
113
|
-
|
|
114
|
-
if crypto_generichash_final(state, blake2b, blake2b.size) == -1
|
|
111
|
+
unless crypto_generichash_final(state, blake2b, blake2b.size).zero?
|
|
115
112
|
raise Sodium::CryptoError
|
|
116
113
|
end
|
|
117
114
|
|
data/lib/crypto/one_time_auth.rb
CHANGED
|
@@ -33,12 +33,12 @@ module Crypto
|
|
|
33
33
|
module_function
|
|
34
34
|
|
|
35
35
|
def onetimeauth(message, key)
|
|
36
|
-
message_len = get_size(message)
|
|
37
36
|
check_length(key, KEYBYTES, :SecretKey)
|
|
38
37
|
|
|
39
38
|
out = Sodium::Buffer.new(:uchar, BYTES)
|
|
39
|
+
out.primitive = PRIMITIVE
|
|
40
40
|
key.readonly if key.is_a?(Sodium::SecretBuffer)
|
|
41
|
-
crypto_onetimeauth(out, message,
|
|
41
|
+
crypto_onetimeauth(out, message, get_size(message), key)
|
|
42
42
|
|
|
43
43
|
out
|
|
44
44
|
ensure
|
|
@@ -51,9 +51,7 @@ module Crypto
|
|
|
51
51
|
check_length(key, KEYBYTES, :SecretKey)
|
|
52
52
|
|
|
53
53
|
key.readonly if key.is_a?(Sodium::SecretBuffer)
|
|
54
|
-
crypto_onetimeauth_verify(out, message,
|
|
55
|
-
|
|
56
|
-
rc == 0
|
|
54
|
+
crypto_onetimeauth_verify(out, message, get_size(message), key).zero?
|
|
57
55
|
ensure
|
|
58
56
|
key.noaccess if key.is_a?(Sodium::SecretBuffer)
|
|
59
57
|
end
|
|
@@ -71,13 +69,12 @@ module Crypto
|
|
|
71
69
|
end
|
|
72
70
|
|
|
73
71
|
def update(state, message)
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
crypto_onetimeauth_update(state, message, message_len)
|
|
72
|
+
crypto_onetimeauth_update(state, message, get_size(message))
|
|
77
73
|
end
|
|
78
74
|
|
|
79
75
|
def final(state)
|
|
80
76
|
out = Sodium::Buffer.new(:uchar, BYTES)
|
|
77
|
+
out.primitive = PRIMITIVE
|
|
81
78
|
crypto_onetimeauth_final(state, out)
|
|
82
79
|
|
|
83
80
|
out
|
|
@@ -7,7 +7,6 @@ require_relative '../../sodium/secret_buffer'
|
|
|
7
7
|
module Crypto
|
|
8
8
|
module PwHash
|
|
9
9
|
module ScryptSalsa208SHA256
|
|
10
|
-
PACK_C = 'c*'.freeze
|
|
11
10
|
PRIMITIVE = 'scryptsalsa208sha256'.freeze
|
|
12
11
|
|
|
13
12
|
extend FFI::Library
|
|
@@ -50,7 +49,7 @@ module Crypto
|
|
|
50
49
|
end
|
|
51
50
|
|
|
52
51
|
def scryptsalsa208sha256(outlen, passwd, salt, opslimit = OPSLIMIT_INTERACTIVE, memlimit = MEMLIMIT_INTERACTIVE)
|
|
53
|
-
|
|
52
|
+
out = nil
|
|
54
53
|
check_length(salt, SALTBYTES, :Salt)
|
|
55
54
|
if opslimit < OPSLIMIT_INTERACTIVE
|
|
56
55
|
fail Sodium::LengthError, "Opslimit must be at least #{OPSLIMIT_INTERACTIVE}, got #{opslimit.to_int}", caller
|
|
@@ -59,18 +58,17 @@ module Crypto
|
|
|
59
58
|
fail Sodium::LengthError, "Memlimit must be at least #{MEMLIMIT_INTERACTIVE}, got #{memlimit.to_int}", caller
|
|
60
59
|
end
|
|
61
60
|
|
|
62
|
-
out = Sodium::SecretBuffer.new(outlen)
|
|
63
|
-
|
|
64
|
-
out.noaccess
|
|
65
|
-
if rc == -1
|
|
61
|
+
out = Sodium::SecretBuffer.new(outlen, PRIMITIVE)
|
|
62
|
+
unless crypto_pwhash_scryptsalsa208sha256(out, outlen, passwd, get_size(passwd), salt, opslimit, memlimit).zero?
|
|
66
63
|
raise NoMemoryError, "Failed to allocate memory max size=#{memlimit.to_int} bytes", caller
|
|
67
64
|
end
|
|
68
65
|
|
|
69
66
|
out
|
|
67
|
+
ensure
|
|
68
|
+
out.noaccess if out
|
|
70
69
|
end
|
|
71
70
|
|
|
72
71
|
def str(passwd, opslimit = OPSLIMIT_INTERACTIVE, memlimit = MEMLIMIT_INTERACTIVE)
|
|
73
|
-
passwd_len = get_size(passwd)
|
|
74
72
|
if opslimit < OPSLIMIT_INTERACTIVE
|
|
75
73
|
fail Sodium::LengthError, "Opslimit must be at least #{OPSLIMIT_INTERACTIVE}, got #{opslimit.to_int}", caller
|
|
76
74
|
end
|
|
@@ -79,18 +77,15 @@ module Crypto
|
|
|
79
77
|
end
|
|
80
78
|
|
|
81
79
|
hashed_password = FFI::MemoryPointer.new(:char, STRBYTES)
|
|
82
|
-
|
|
80
|
+
unless crypto_pwhash_scryptsalsa208sha256_str(hashed_password, passwd, get_size(passwd), opslimit, memlimit).zero?
|
|
83
81
|
raise NoMemoryError, "Failed to allocate memory max size=#{memlimit.to_int} bytes", caller
|
|
84
82
|
end
|
|
85
83
|
|
|
86
|
-
hashed_password.
|
|
84
|
+
hashed_password.get_string(0)
|
|
87
85
|
end
|
|
88
86
|
|
|
89
87
|
def str_verify(str, passwd)
|
|
90
|
-
|
|
91
|
-
passwd_len = get_size(passwd)
|
|
92
|
-
|
|
93
|
-
crypto_pwhash_scryptsalsa208sha256_str_verify(str, passwd, passwd_len) == 0
|
|
88
|
+
crypto_pwhash_scryptsalsa208sha256_str_verify(str, passwd, get_size(passwd)).zero?
|
|
94
89
|
end
|
|
95
90
|
end
|
|
96
91
|
|
data/lib/crypto/scalar_mult.rb
CHANGED
|
@@ -27,6 +27,7 @@ module Crypto
|
|
|
27
27
|
check_length(secret_key, SCALARBYTES, :SecretKey)
|
|
28
28
|
|
|
29
29
|
public_key = Sodium::Buffer.new(:uchar, BYTES)
|
|
30
|
+
public_key.primitive = PRIMITIVE
|
|
30
31
|
secret_key.readonly if secret_key.is_a?(Sodium::SecretBuffer)
|
|
31
32
|
crypto_scalarmult_base(public_key, secret_key)
|
|
32
33
|
|
|
@@ -39,7 +40,7 @@ module Crypto
|
|
|
39
40
|
check_length(secret_key, SCALARBYTES, :SecretKey)
|
|
40
41
|
check_length(public_key, BYTES, :PublicKey)
|
|
41
42
|
|
|
42
|
-
shared_secret = Sodium::SecretBuffer.new(BYTES)
|
|
43
|
+
shared_secret = Sodium::SecretBuffer.new(BYTES, PRIMITIVE)
|
|
43
44
|
secret_key.readonly if secret_key.is_a?(Sodium::SecretBuffer)
|
|
44
45
|
crypto_scalarmult(shared_secret, secret_key, public_key)
|
|
45
46
|
shared_secret.noaccess
|
data/lib/crypto/secret_box.rb
CHANGED
|
@@ -37,6 +37,7 @@ module Crypto
|
|
|
37
37
|
check_length(key, KEYBYTES, :SecretKey)
|
|
38
38
|
|
|
39
39
|
ciphertext = Sodium::Buffer.new(:uchar, message_len + MACBYTES)
|
|
40
|
+
ciphertext.primitive = PRIMITIVE
|
|
40
41
|
key.readonly if key.is_a?(Sodium::SecretBuffer)
|
|
41
42
|
crypto_secretbox_easy(ciphertext, message, message_len, nonce, key)
|
|
42
43
|
|
|
@@ -53,7 +54,7 @@ module Crypto
|
|
|
53
54
|
decrypted = Sodium::Buffer.new(:uchar, ciphertext_len - MACBYTES)
|
|
54
55
|
key.readonly if key.is_a?(Sodium::SecretBuffer)
|
|
55
56
|
|
|
56
|
-
|
|
57
|
+
unless crypto_secretbox_open_easy(decrypted, ciphertext, ciphertext_len, nonce, key).zero?
|
|
57
58
|
raise Sodium::CryptoError, "Message forged", caller
|
|
58
59
|
end
|
|
59
60
|
|
|
@@ -67,10 +68,9 @@ module Crypto
|
|
|
67
68
|
check_length(nonce, NONCEBYTES, :Nonce)
|
|
68
69
|
check_length(key, KEYBYTES, :SecretKey)
|
|
69
70
|
|
|
70
|
-
message_len = message.bytesize
|
|
71
71
|
message << zeros(MACBYTES)
|
|
72
72
|
key.readonly if key.is_a?(Sodium::SecretBuffer)
|
|
73
|
-
crypto_secretbox_easy(message, message,
|
|
73
|
+
crypto_secretbox_easy(message, message, get_size(message), nonce, key)
|
|
74
74
|
|
|
75
75
|
message
|
|
76
76
|
ensure
|
|
@@ -79,7 +79,7 @@ module Crypto
|
|
|
79
79
|
|
|
80
80
|
def open_easy_in_place(data, nonce, key, utf8 = false)
|
|
81
81
|
ciphertext = get_string(data)
|
|
82
|
-
unless (message_len = ciphertext
|
|
82
|
+
unless (message_len = get_size(ciphertext) - MACBYTES) > 0
|
|
83
83
|
fail Sodium::LengthError, "Ciphertext is too short", caller
|
|
84
84
|
end
|
|
85
85
|
|
|
@@ -87,7 +87,7 @@ module Crypto
|
|
|
87
87
|
check_length(key, KEYBYTES, :SecretKey)
|
|
88
88
|
|
|
89
89
|
key.readonly if key.is_a?(Sodium::SecretBuffer)
|
|
90
|
-
|
|
90
|
+
unless crypto_secretbox_open_easy(ciphertext, ciphertext, ciphertext.bytesize, nonce, key).zero?
|
|
91
91
|
raise Sodium::CryptoError, "Message forged", caller
|
|
92
92
|
end
|
|
93
93
|
|
data/lib/crypto/short_hash.rb
CHANGED
|
@@ -23,12 +23,12 @@ module Crypto
|
|
|
23
23
|
module_function
|
|
24
24
|
|
|
25
25
|
def shorthash(short_data, key)
|
|
26
|
-
short_data_len = get_size(short_data)
|
|
27
26
|
check_length(key, KEYBYTES, :SecretKey)
|
|
28
27
|
|
|
29
28
|
siphash = Sodium::Buffer.new(:uchar, BYTES)
|
|
29
|
+
siphash.primitive = PRIMITIVE
|
|
30
30
|
key.readonly if key.is_a?(Sodium::SecretBuffer)
|
|
31
|
-
crypto_shorthash(siphash, short_data,
|
|
31
|
+
crypto_shorthash(siphash, short_data, get_size(short_data), key)
|
|
32
32
|
|
|
33
33
|
siphash
|
|
34
34
|
ensure
|
data/lib/crypto/sign.rb
CHANGED
|
@@ -26,14 +26,16 @@ module Crypto
|
|
|
26
26
|
attach_function :crypto_sign_keypair, [:buffer_out, :buffer_out], :int, blocking: true
|
|
27
27
|
attach_function :crypto_sign_seed_keypair, [:buffer_out, :buffer_out, :buffer_in], :int, blocking: true
|
|
28
28
|
|
|
29
|
-
attach_function :crypto_sign, [:buffer_out, :
|
|
30
|
-
attach_function :crypto_sign_open, [:buffer_out, :
|
|
29
|
+
attach_function :crypto_sign, [:buffer_out, :pointer, :buffer_in, :ulong_long, :buffer_in], :int, blocking: true
|
|
30
|
+
attach_function :crypto_sign_open, [:buffer_out, :pointer, :buffer_in, :ulong_long, :buffer_in], :int, blocking: true
|
|
31
31
|
|
|
32
32
|
module_function
|
|
33
33
|
|
|
34
34
|
def keypair
|
|
35
35
|
public_key = Sodium::Buffer.new(:uchar, PUBLICKEYBYTES)
|
|
36
|
+
public_key.primitive = PRIMITIVE
|
|
36
37
|
secret_key = Sodium::Buffer.new(:uchar, SECRETKEYBYTES)
|
|
38
|
+
secret_key.primitive = PRIMITIVE
|
|
37
39
|
crypto_sign_keypair(public_key, secret_key)
|
|
38
40
|
|
|
39
41
|
[public_key, secret_key]
|
|
@@ -43,7 +45,9 @@ module Crypto
|
|
|
43
45
|
check_length(seed, SEEDBYTES, :Seed)
|
|
44
46
|
|
|
45
47
|
public_key = Sodium::Buffer.new(:uchar, PUBLICKEYBYTES)
|
|
48
|
+
public_key.primitive = PRIMITIVE
|
|
46
49
|
secret_key = Sodium::Buffer.new(:uchar, SECRETKEYBYTES)
|
|
50
|
+
secret_key.primitive = PRIMITIVE
|
|
47
51
|
seed.readonly if seed.is_a?(Sodium::SecretBuffer)
|
|
48
52
|
crypto_sign_seed_keypair(public_key, secret_key, seed)
|
|
49
53
|
|
|
@@ -54,7 +58,8 @@ module Crypto
|
|
|
54
58
|
|
|
55
59
|
def memory_locked_keypair
|
|
56
60
|
public_key = Sodium::Buffer.new(:uchar, PUBLICKEYBYTES)
|
|
57
|
-
|
|
61
|
+
public_key.primitive = PRIMITIVE
|
|
62
|
+
secret_key = Sodium::SecretBuffer.new(SECRETKEYBYTES, PRIMITIVE)
|
|
58
63
|
crypto_sign_keypair(public_key, secret_key)
|
|
59
64
|
secret_key.noaccess
|
|
60
65
|
|
|
@@ -65,7 +70,8 @@ module Crypto
|
|
|
65
70
|
check_length(seed, SEEDBYTES, :Seed)
|
|
66
71
|
|
|
67
72
|
public_key = Sodium::Buffer.new(:uchar, PUBLICKEYBYTES)
|
|
68
|
-
|
|
73
|
+
public_key.primitive = PRIMITIVE
|
|
74
|
+
secret_key = Sodium::SecretBuffer.new(SECRETKEYBYTES, PRIMITIVE)
|
|
69
75
|
seed.readonly if seed.is_a?(Sodium::SecretBuffer)
|
|
70
76
|
crypto_sign_seed_keypair(public_key, secret_key, seed)
|
|
71
77
|
secret_key.noaccess
|
|
@@ -80,6 +86,7 @@ module Crypto
|
|
|
80
86
|
check_length(secret_key, SECRETKEYBYTES, :SecretKey)
|
|
81
87
|
|
|
82
88
|
sealed_message = Sodium::Buffer.new(:uchar, message_len + BYTES)
|
|
89
|
+
sealed_message.primitive = PRIMITIVE
|
|
83
90
|
secret_key.readonly if secret_key.is_a?(Sodium::SecretBuffer)
|
|
84
91
|
crypto_sign(sealed_message, nil, message, message_len, secret_key)
|
|
85
92
|
|
|
@@ -93,8 +100,8 @@ module Crypto
|
|
|
93
100
|
check_length(public_key, PUBLICKEYBYTES, :PublicKey)
|
|
94
101
|
|
|
95
102
|
unsealed_message = Sodium::Buffer.new(:uchar, sealed_message_len - BYTES)
|
|
96
|
-
unsealed_message_len = FFI::MemoryPointer.new(:
|
|
97
|
-
|
|
103
|
+
unsealed_message_len = FFI::MemoryPointer.new(:pointer)
|
|
104
|
+
unless crypto_sign_open(unsealed_message, unsealed_message_len, sealed_message, sealed_message_len, public_key).zero?
|
|
98
105
|
raise Sodium::CryptoError, "Incorrect signature", caller
|
|
99
106
|
end
|
|
100
107
|
|
data/lib/crypto/sign/ed25519.rb
CHANGED
|
@@ -47,10 +47,11 @@ module Crypto
|
|
|
47
47
|
curve25519_sk = Sodium::SecretBuffer.new(ScalarMult::BYTES)
|
|
48
48
|
secret_key.readonly if secret_key.is_a?(Sodium::SecretBuffer)
|
|
49
49
|
crypto_sign_ed25519_sk_to_curve25519(curve25519_sk, secret_key)
|
|
50
|
-
secret_key.noaccess if secret_key.is_a?(Sodium::SecretBuffer)
|
|
51
50
|
curve25519_sk.noaccess
|
|
52
51
|
|
|
53
52
|
curve25519_sk
|
|
53
|
+
ensure
|
|
54
|
+
secret_key.noaccess if secret_key.is_a?(Sodium::SecretBuffer)
|
|
54
55
|
end
|
|
55
56
|
end
|
|
56
57
|
end
|
data/lib/random_bytes.rb
CHANGED
data/lib/sodium.rb
CHANGED
|
@@ -24,13 +24,13 @@ module Sodium
|
|
|
24
24
|
module_function
|
|
25
25
|
|
|
26
26
|
def mlock(addr, len)
|
|
27
|
-
|
|
27
|
+
unless sodium_mlock(addr, len).zero?
|
|
28
28
|
raise MemoryError, "Could not lock length=#{len.to_int} bytes memory at address=#{addr.address}", caller
|
|
29
29
|
end
|
|
30
30
|
end
|
|
31
31
|
|
|
32
32
|
def munlock(addr, len)
|
|
33
|
-
|
|
33
|
+
unless sodium_munlock(addr, len).zero?
|
|
34
34
|
raise MemoryError, "Could not unlock length=#{len.to_int} bytes memory at address=#{addr.address}", caller
|
|
35
35
|
end
|
|
36
36
|
end
|
|
@@ -50,19 +50,19 @@ module Sodium
|
|
|
50
50
|
end
|
|
51
51
|
|
|
52
52
|
def noaccess(ptr)
|
|
53
|
-
|
|
53
|
+
unless sodium_mprotect_noaccess(ptr).zero?
|
|
54
54
|
raise MemoryError, "Memory at address=#{ptr.address} is not secured with #{self}.malloc", caller
|
|
55
55
|
end
|
|
56
56
|
end
|
|
57
57
|
|
|
58
58
|
def readonly(ptr)
|
|
59
|
-
|
|
59
|
+
unless sodium_mprotect_readonly(ptr).zero?
|
|
60
60
|
raise MemoryError, "Memory at address=#{ptr.address} is not secured with #{self}.malloc", caller
|
|
61
61
|
end
|
|
62
62
|
end
|
|
63
63
|
|
|
64
64
|
def readwrite(ptr)
|
|
65
|
-
|
|
65
|
+
unless sodium_mprotect_readwrite(ptr).zero?
|
|
66
66
|
raise MemoryError, "Memory at address=#{ptr.address} is not secured with #{self}.malloc", caller
|
|
67
67
|
end
|
|
68
68
|
end
|
data/lib/sodium/buffer.rb
CHANGED
data/lib/sodium/secret_buffer.rb
CHANGED
|
@@ -7,53 +7,50 @@ module Sodium
|
|
|
7
7
|
class SecretBuffer
|
|
8
8
|
extend Forwardable
|
|
9
9
|
|
|
10
|
-
|
|
10
|
+
attr_reader :size, :primitive, :to_ptr
|
|
11
|
+
def_delegators :to_ptr, :address, :to_i
|
|
11
12
|
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
def initialize(size)
|
|
13
|
+
def initialize(size, primitive = nil)
|
|
15
14
|
@size = Utils.get_int(size)
|
|
16
|
-
@
|
|
15
|
+
@primitive = primitive
|
|
16
|
+
@to_ptr = Sodium.malloc(self.size)
|
|
17
17
|
setup_finalizer
|
|
18
18
|
end
|
|
19
19
|
|
|
20
|
-
def to_ptr
|
|
21
|
-
@buffer
|
|
22
|
-
end
|
|
23
|
-
|
|
24
20
|
def free
|
|
25
21
|
remove_finalizer
|
|
26
22
|
readwrite
|
|
27
|
-
Sodium.free(
|
|
28
|
-
@size = @
|
|
23
|
+
Sodium.free(to_ptr)
|
|
24
|
+
@size = @primitive = @to_ptr = nil
|
|
29
25
|
end
|
|
30
26
|
|
|
31
27
|
def noaccess
|
|
32
|
-
Sodium.noaccess(
|
|
28
|
+
Sodium.noaccess(to_ptr)
|
|
33
29
|
end
|
|
34
30
|
|
|
35
31
|
def readonly
|
|
36
|
-
Sodium.readonly(
|
|
32
|
+
Sodium.readonly(to_ptr)
|
|
37
33
|
end
|
|
38
34
|
|
|
39
35
|
def readwrite
|
|
40
|
-
Sodium.readwrite(
|
|
36
|
+
Sodium.readwrite(to_ptr)
|
|
41
37
|
end
|
|
42
38
|
|
|
43
39
|
private
|
|
44
40
|
|
|
45
41
|
def setup_finalizer
|
|
46
|
-
ObjectSpace.define_finalizer(
|
|
42
|
+
ObjectSpace.define_finalizer(to_ptr, self.class.free(to_ptr.address))
|
|
47
43
|
end
|
|
48
44
|
|
|
49
45
|
def remove_finalizer
|
|
50
|
-
ObjectSpace.undefine_finalizer
|
|
46
|
+
ObjectSpace.undefine_finalizer to_ptr
|
|
51
47
|
end
|
|
52
48
|
|
|
53
49
|
def self.free(address)
|
|
54
50
|
->(obj_id) do
|
|
55
|
-
|
|
56
|
-
Sodium.
|
|
51
|
+
ptr = FFI::Pointer.new(address)
|
|
52
|
+
Sodium.readwrite(ptr)
|
|
53
|
+
Sodium.free(ptr)
|
|
57
54
|
true
|
|
58
55
|
end
|
|
59
56
|
end
|
data/lib/sodium/utils.rb
CHANGED
|
@@ -36,15 +36,15 @@ module Sodium
|
|
|
36
36
|
string
|
|
37
37
|
elsif string.respond_to?(:to_str)
|
|
38
38
|
string.to_str
|
|
39
|
-
elsif string.respond_to?(:
|
|
40
|
-
string.
|
|
39
|
+
elsif string.respond_to?(:get_string)
|
|
40
|
+
string.get_string(0)
|
|
41
41
|
else
|
|
42
42
|
fail ArgumentError, "#{string.class} is not a String", caller
|
|
43
43
|
end
|
|
44
44
|
end
|
|
45
45
|
|
|
46
46
|
def get_int(int)
|
|
47
|
-
if int.is_a?(
|
|
47
|
+
if int.is_a?(Fixnum)
|
|
48
48
|
int
|
|
49
49
|
elsif int.respond_to?(:to_int)
|
|
50
50
|
int.to_int
|
data/lib/sodium/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: ffi-libsodium
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.1.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Hendrik Beskow
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2014-
|
|
11
|
+
date: 2014-12-06 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: ffi
|