ffi-libsodium 0.4.3 → 0.4.4
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/crypto/aead/chacha20_poly1305.rb +16 -17
- data/lib/crypto/box.rb +102 -29
- data/lib/crypto/generic_hash.rb +9 -9
- data/lib/crypto/pw_hash/scrypt_salsa208_sha256.rb +8 -8
- data/lib/crypto/secret_box.rb +95 -24
- data/lib/crypto/sign.rb +24 -3
- data/lib/crypto/sign/ed25519.rb +29 -0
- data/lib/sodium.rb +20 -21
- data/lib/sodium/version.rb +1 -1
- metadata +3 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: f69721c907579641680a434287394a6bf4167701
|
4
|
+
data.tar.gz: aa8032ace5a3f2cd8ac8a7e664c78da9b87605ab
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 258b1c21db7bf8e33097284cce68b7ee769336ce68c6522af170dd3026540ccddc3ea9bf62c0d8fab34d34932c76d92cee5454955b77db63c8d69a61667a8bc0
|
7
|
+
data.tar.gz: 3b4c31224024845e5aa13c6e80b4844834b7760015ee328c231d586170f5d2edb9d22756da7bb8f5dfcd5b95cdf764af7794a2d56d4145532b45c9d340bd9026
|
@@ -54,25 +54,24 @@ module Crypto
|
|
54
54
|
end
|
55
55
|
|
56
56
|
def decrypt(ciphertext, additional_data, nonce, key, encoding = nil)
|
57
|
-
ciphertext_len = get_size(ciphertext)
|
58
|
-
if (decrypted_len = ciphertext_len - ABYTES) >= 0
|
59
|
-
check_length(nonce, NPUBBYTES, :Nonce)
|
60
|
-
check_length(key, KEYBYTES, :SecretKey)
|
61
|
-
|
62
|
-
decrypted = zeros(decrypted_len)
|
63
|
-
key.readonly if key.is_a?(Sodium::SecretBuffer)
|
64
|
-
if crypto_aead_chacha20poly1305_decrypt(decrypted, nil, nil, ciphertext, ciphertext_len, additional_data, get_size(additional_data), nonce, key) == 0
|
65
|
-
if encoding
|
66
|
-
decrypted.force_encoding(encoding)
|
67
|
-
else
|
68
|
-
decrypted
|
69
|
-
end
|
70
|
-
else
|
71
|
-
raise Sodium::CryptoError, "Message forged", caller
|
72
|
-
end
|
73
|
-
else
|
57
|
+
if (decrypted_len = (ciphertext_len = get_size(ciphertext)) - ABYTES) < 0
|
74
58
|
fail Sodium::LengthError, "Ciphertext is too short", caller
|
75
59
|
end
|
60
|
+
|
61
|
+
check_length(nonce, NPUBBYTES, :Nonce)
|
62
|
+
check_length(key, KEYBYTES, :SecretKey)
|
63
|
+
|
64
|
+
decrypted = zeros(decrypted_len)
|
65
|
+
key.readonly if key.is_a?(Sodium::SecretBuffer)
|
66
|
+
if crypto_aead_chacha20poly1305_decrypt(decrypted, nil, nil, ciphertext, ciphertext_len, additional_data, get_size(additional_data), nonce, key) == -1
|
67
|
+
raise Sodium::CryptoError, "Message forged", caller
|
68
|
+
end
|
69
|
+
|
70
|
+
if encoding
|
71
|
+
decrypted.force_encoding(encoding)
|
72
|
+
end
|
73
|
+
|
74
|
+
decrypted
|
76
75
|
ensure
|
77
76
|
key.noaccess if key.is_a?(Sodium::SecretBuffer)
|
78
77
|
end
|
data/lib/crypto/box.rb
CHANGED
@@ -25,11 +25,14 @@ module Crypto
|
|
25
25
|
NONCEBYTES = noncebytes.freeze
|
26
26
|
MACBYTES = macbytes.freeze
|
27
27
|
|
28
|
-
attach_function :crypto_box_keypair,
|
29
|
-
attach_function :crypto_box_seed_keypair,
|
28
|
+
attach_function :crypto_box_keypair, [:buffer_out, :buffer_out], :int
|
29
|
+
attach_function :crypto_box_seed_keypair, [:buffer_out, :buffer_out, :buffer_in], :int
|
30
30
|
|
31
|
-
attach_function :crypto_box_easy,
|
32
|
-
attach_function :crypto_box_open_easy,
|
31
|
+
attach_function :crypto_box_easy, [:buffer_out, :buffer_in, :ulong_long, :buffer_in, :buffer_in, :buffer_in], :int
|
32
|
+
attach_function :crypto_box_open_easy, [:buffer_out, :buffer_in, :ulong_long, :buffer_in, :buffer_in, :buffer_in], :int
|
33
|
+
|
34
|
+
attach_function :crypto_box_detached, [:buffer_out, :buffer_out, :buffer_in, :ulong_long, :buffer_in, :buffer_in, :buffer_in], :int
|
35
|
+
attach_function :crypto_box_open_detached, [:buffer_out, :buffer_in, :buffer_in, :ulong_long, :buffer_in, :buffer_in, :buffer_in], :int
|
33
36
|
|
34
37
|
module_function
|
35
38
|
|
@@ -104,15 +107,15 @@ module Crypto
|
|
104
107
|
|
105
108
|
decrypted = zeros(ciphertext_len - MACBYTES)
|
106
109
|
secret_key.readonly if secret_key.is_a?(Sodium::SecretBuffer)
|
107
|
-
if crypto_box_open_easy(decrypted, ciphertext, ciphertext_len, nonce, public_key, secret_key) ==
|
108
|
-
if encoding
|
109
|
-
decrypted.force_encoding(encoding)
|
110
|
-
else
|
111
|
-
decrypted
|
112
|
-
end
|
113
|
-
else
|
110
|
+
if crypto_box_open_easy(decrypted, ciphertext, ciphertext_len, nonce, public_key, secret_key) == -1
|
114
111
|
raise Sodium::CryptoError, "Message forged", caller
|
115
112
|
end
|
113
|
+
|
114
|
+
if encoding
|
115
|
+
decrypted.force_encoding(encoding)
|
116
|
+
end
|
117
|
+
|
118
|
+
decrypted
|
116
119
|
ensure
|
117
120
|
secret_key.noaccess if secret_key.is_a?(Sodium::SecretBuffer)
|
118
121
|
end
|
@@ -128,7 +131,7 @@ module Crypto
|
|
128
131
|
secret_key.readonly if secret_key.is_a?(Sodium::SecretBuffer)
|
129
132
|
crypto_box_easy(message, message, message_len, nonce, public_key, secret_key)
|
130
133
|
|
131
|
-
message
|
134
|
+
message
|
132
135
|
ensure
|
133
136
|
secret_key.noaccess if secret_key.is_a?(Sodium::SecretBuffer)
|
134
137
|
end
|
@@ -136,25 +139,95 @@ module Crypto
|
|
136
139
|
def open!(data, nonce, public_key, secret_key, encoding = nil)
|
137
140
|
ciphertext = String(data)
|
138
141
|
ciphertext_len = ciphertext.bytesize
|
139
|
-
if (message_len = ciphertext_len - MACBYTES)
|
140
|
-
check_length(nonce, NONCEBYTES, :Nonce)
|
141
|
-
check_length(public_key, PUBLICKEYBYTES, :PublicKey)
|
142
|
-
check_length(secret_key, SECRETKEYBYTES, :SecretKey)
|
143
|
-
|
144
|
-
secret_key.readonly if secret_key.is_a?(Sodium::SecretBuffer)
|
145
|
-
if crypto_box_open_easy(ciphertext, ciphertext, ciphertext_len, nonce, public_key, secret_key) == 0
|
146
|
-
ciphertext.slice!(message_len..-1)
|
147
|
-
if encoding
|
148
|
-
ciphertext.force_encoding(encoding)
|
149
|
-
else
|
150
|
-
ciphertext
|
151
|
-
end
|
152
|
-
else
|
153
|
-
raise Sodium::CryptoError, "Message forged", caller
|
154
|
-
end
|
155
|
-
else
|
142
|
+
if (message_len = ciphertext_len - MACBYTES) < 0
|
156
143
|
fail Sodium::LengthError, "Ciphertext is too short", caller
|
157
144
|
end
|
145
|
+
|
146
|
+
check_length(nonce, NONCEBYTES, :Nonce)
|
147
|
+
check_length(public_key, PUBLICKEYBYTES, :PublicKey)
|
148
|
+
check_length(secret_key, SECRETKEYBYTES, :SecretKey)
|
149
|
+
|
150
|
+
secret_key.readonly if secret_key.is_a?(Sodium::SecretBuffer)
|
151
|
+
if crypto_box_open_easy(ciphertext, ciphertext, ciphertext_len, nonce, public_key, secret_key) == -1
|
152
|
+
raise Sodium::CryptoError, "Message forged", caller
|
153
|
+
end
|
154
|
+
|
155
|
+
ciphertext.slice!(message_len..-1)
|
156
|
+
if encoding
|
157
|
+
ciphertext.force_encoding(encoding)
|
158
|
+
end
|
159
|
+
|
160
|
+
ciphertext
|
161
|
+
ensure
|
162
|
+
secret_key.noaccess if secret_key.is_a?(Sodium::SecretBuffer)
|
163
|
+
end
|
164
|
+
|
165
|
+
def detached(message, nonce, public_key, secret_key)
|
166
|
+
message_len = get_size(message)
|
167
|
+
check_length(nonce, NONCEBYTES, :Nonce)
|
168
|
+
check_length(public_key, PUBLICKEYBYTES, :PublicKey)
|
169
|
+
check_length(secret_key, SECRETKEYBYTES, :SecretKey)
|
170
|
+
|
171
|
+
ciphertext = zeros(message_len)
|
172
|
+
mac = zeros(MACBYTES)
|
173
|
+
secret_key.readonly if secret_key.is_a?(Sodium::SecretBuffer)
|
174
|
+
crypto_box_detached(ciphertext, mac, message, message_len, nonce, public_key, secret_key)
|
175
|
+
[ciphertext, mac]
|
176
|
+
ensure
|
177
|
+
secret_key.noaccess if secret_key.is_a?(Sodium::SecretBuffer)
|
178
|
+
end
|
179
|
+
|
180
|
+
def open_detached(ciphertext, mac, nonce, public_key, secret_key, encoding = nil)
|
181
|
+
ciphertext_len = get_size(ciphertext)
|
182
|
+
check_length(mac, MACBYTES, :Mac)
|
183
|
+
check_length(nonce, NONCEBYTES, :Nonce)
|
184
|
+
check_length(public_key, PUBLICKEYBYTES, :PublicKey)
|
185
|
+
check_length(secret_key, SECRETKEYBYTES, :SecretKey)
|
186
|
+
|
187
|
+
decrypted = zeros(ciphertext_len)
|
188
|
+
secret_key.readonly if secret_key.is_a?(Sodium::SecretBuffer)
|
189
|
+
if crypto_box_open_detached(decrypted, ciphertext, mac, ciphertext_len, nonce, public_key, secret_key) == -1
|
190
|
+
raise Sodium::CryptoError, "Message forged", caller
|
191
|
+
end
|
192
|
+
|
193
|
+
if encoding
|
194
|
+
decrypted.force_encoding(encoding)
|
195
|
+
end
|
196
|
+
|
197
|
+
decrypted
|
198
|
+
ensure
|
199
|
+
secret_key.noaccess if secret_key.is_a?(Sodium::SecretBuffer)
|
200
|
+
end
|
201
|
+
|
202
|
+
def detached!(message, nonce, public_key, secret_key)
|
203
|
+
check_length(nonce, NONCEBYTES, :Nonce)
|
204
|
+
check_length(public_key, PUBLICKEYBYTES, :PublicKey)
|
205
|
+
check_length(secret_key, SECRETKEYBYTES, :SecretKey)
|
206
|
+
|
207
|
+
mac = zeros(MACBYTES)
|
208
|
+
secret_key.readonly if secret_key.is_a?(Sodium::SecretBuffer)
|
209
|
+
crypto_box_detached(message, mac, message, get_size(message), nonce, public_key, secret_key)
|
210
|
+
[message, mac]
|
211
|
+
ensure
|
212
|
+
secret_key.noaccess if secret_key.is_a?(Sodium::SecretBuffer)
|
213
|
+
end
|
214
|
+
|
215
|
+
def open_detached!(ciphertext, mac, nonce, public_key, secret_key, encoding = nil)
|
216
|
+
check_length(mac, MACBYTES, :Mac)
|
217
|
+
check_length(nonce, NONCEBYTES, :Nonce)
|
218
|
+
check_length(public_key, PUBLICKEYBYTES, :PublicKey)
|
219
|
+
check_length(secret_key, SECRETKEYBYTES, :SecretKey)
|
220
|
+
|
221
|
+
secret_key.readonly if secret_key.is_a?(Sodium::SecretBuffer)
|
222
|
+
if crypto_box_open_detached(ciphertext, ciphertext, mac, get_size(ciphertext), nonce, public_key, secret_key) == -1
|
223
|
+
raise Sodium::CryptoError, "Message forged", caller
|
224
|
+
end
|
225
|
+
|
226
|
+
if encoding && ciphertext.respond_to?(:force_encoding)
|
227
|
+
ciphertext.force_encoding(encoding)
|
228
|
+
end
|
229
|
+
|
230
|
+
ciphertext
|
158
231
|
ensure
|
159
232
|
secret_key.noaccess if secret_key.is_a?(Sodium::SecretBuffer)
|
160
233
|
end
|
data/lib/crypto/generic_hash.rb
CHANGED
@@ -53,11 +53,11 @@ module Crypto
|
|
53
53
|
|
54
54
|
blake2b = zeros(hash_size)
|
55
55
|
key.readonly if key.is_a?(Sodium::SecretBuffer)
|
56
|
-
if crypto_generichash(blake2b, hash_size, message, get_size(message), key, key_len) ==
|
57
|
-
blake2b
|
58
|
-
else
|
56
|
+
if crypto_generichash(blake2b, hash_size, message, get_size(message), key, key_len) == -1
|
59
57
|
raise Sodium::CryptoError
|
60
58
|
end
|
59
|
+
|
60
|
+
blake2b
|
61
61
|
ensure
|
62
62
|
key.noaccess if key.is_a?(Sodium::SecretBuffer)
|
63
63
|
end
|
@@ -71,11 +71,11 @@ module Crypto
|
|
71
71
|
|
72
72
|
state = State.new
|
73
73
|
key.readonly if key.is_a?(Sodium::SecretBuffer)
|
74
|
-
if crypto_generichash_init(state, key, key_len, hash_size) ==
|
75
|
-
[state, zeros(hash_size)]
|
76
|
-
else
|
74
|
+
if crypto_generichash_init(state, key, key_len, hash_size) == -1
|
77
75
|
raise Sodium::CryptoError
|
78
76
|
end
|
77
|
+
|
78
|
+
[state, zeros(hash_size)]
|
79
79
|
ensure
|
80
80
|
key.noaccess if key.is_a?(Sodium::SecretBuffer)
|
81
81
|
end
|
@@ -85,11 +85,11 @@ module Crypto
|
|
85
85
|
end
|
86
86
|
|
87
87
|
def final(state, blake2b)
|
88
|
-
if crypto_generichash_final(state, blake2b, blake2b.bytesize) ==
|
89
|
-
blake2b
|
90
|
-
else
|
88
|
+
if crypto_generichash_final(state, blake2b, blake2b.bytesize) == -1
|
91
89
|
raise Sodium::CryptoError
|
92
90
|
end
|
91
|
+
|
92
|
+
blake2b
|
93
93
|
end
|
94
94
|
end
|
95
95
|
|
@@ -52,21 +52,21 @@ module Crypto
|
|
52
52
|
check_length(salt, SALTBYTES, :Salt)
|
53
53
|
|
54
54
|
out = Sodium::SecretBuffer.new(outlen)
|
55
|
-
if crypto_pwhash_scryptsalsa208sha256(out, outlen, passwd, passwd.bytesize, salt, opslimit, memlimit) ==
|
56
|
-
out.noaccess
|
57
|
-
out
|
58
|
-
else
|
55
|
+
if crypto_pwhash_scryptsalsa208sha256(out, outlen, passwd, passwd.bytesize, salt, opslimit, memlimit) == -1
|
59
56
|
raise NoMemoryError, "Failed to allocate memory max size=#{memlimit} bytes", caller
|
60
57
|
end
|
58
|
+
|
59
|
+
out.noaccess
|
60
|
+
out
|
61
61
|
end
|
62
62
|
|
63
63
|
def str(passwd, opslimit = OPSLIMIT_INTERACTIVE, memlimit = MEMLIMIT_INTERACTIVE)
|
64
|
-
hashed_password = zeros(STRBYTES
|
65
|
-
if crypto_pwhash_scryptsalsa208sha256_str(hashed_password, passwd, passwd.bytesize, opslimit, memlimit) ==
|
66
|
-
hashed_password
|
67
|
-
else
|
64
|
+
hashed_password = zeros(STRBYTES)
|
65
|
+
if crypto_pwhash_scryptsalsa208sha256_str(hashed_password, passwd, passwd.bytesize, opslimit, memlimit) == -1
|
68
66
|
raise NoMemoryError, "Failed to allocate memory max size=#{memlimit} bytes", caller
|
69
67
|
end
|
68
|
+
|
69
|
+
hashed_password.chop!
|
70
70
|
end
|
71
71
|
|
72
72
|
def str_verify(str, passwd)
|
data/lib/crypto/secret_box.rb
CHANGED
@@ -24,6 +24,9 @@ module Crypto
|
|
24
24
|
attach_function :crypto_secretbox_easy, [:buffer_out, :buffer_in, :ulong_long, :buffer_in, :buffer_in], :int
|
25
25
|
attach_function :crypto_secretbox_open_easy, [:buffer_out, :buffer_in, :ulong_long, :buffer_in, :buffer_in], :int
|
26
26
|
|
27
|
+
attach_function :crypto_secretbox_detached, [:buffer_out, :buffer_out, :buffer_in, :ulong_long, :buffer_in, :buffer_in], :int
|
28
|
+
attach_function :crypto_secretbox_open_detached, [:buffer_out, :buffer_out, :buffer_in, :ulong_long, :buffer_in, :buffer_in], :int
|
29
|
+
|
27
30
|
module_function
|
28
31
|
|
29
32
|
def nonce
|
@@ -51,15 +54,15 @@ module Crypto
|
|
51
54
|
|
52
55
|
decrypted = zeros(ciphertext_len - MACBYTES)
|
53
56
|
key.readonly if key.is_a?(Sodium::SecretBuffer)
|
54
|
-
if crypto_secretbox_open_easy(decrypted, ciphertext, ciphertext_len, nonce, key) ==
|
55
|
-
if encoding
|
56
|
-
decrypted.force_encoding(encoding)
|
57
|
-
else
|
58
|
-
decrypted
|
59
|
-
end
|
60
|
-
else
|
57
|
+
if crypto_secretbox_open_easy(decrypted, ciphertext, ciphertext_len, nonce, key) == -1
|
61
58
|
raise Sodium::CryptoError, "Message forged", caller
|
62
59
|
end
|
60
|
+
|
61
|
+
if encoding
|
62
|
+
decrypted.force_encoding(encoding)
|
63
|
+
end
|
64
|
+
|
65
|
+
decrypted
|
63
66
|
ensure
|
64
67
|
key.noaccess if key.is_a?(Sodium::SecretBuffer)
|
65
68
|
end
|
@@ -81,25 +84,93 @@ module Crypto
|
|
81
84
|
|
82
85
|
def open!(data, nonce, key, encoding = nil)
|
83
86
|
ciphertext = String(data)
|
84
|
-
|
85
|
-
if (message_len = ciphertext_len - MACBYTES)
|
86
|
-
check_length(nonce, NONCEBYTES, :Nonce)
|
87
|
-
check_length(key, KEYBYTES, :SecretKey)
|
88
|
-
|
89
|
-
key.readonly if key.is_a?(Sodium::SecretBuffer)
|
90
|
-
if crypto_secretbox_open_easy(ciphertext, ciphertext, ciphertext_len, nonce, key) == 0
|
91
|
-
ciphertext.slice!(message_len..-1)
|
92
|
-
if encoding
|
93
|
-
ciphertext.force_encoding(encoding)
|
94
|
-
else
|
95
|
-
ciphertext
|
96
|
-
end
|
97
|
-
else
|
98
|
-
raise Sodium::CryptoError, "Message forged", caller
|
99
|
-
end
|
100
|
-
else
|
87
|
+
|
88
|
+
if (message_len = (ciphertext_len = ciphertext.bytesize) - MACBYTES) < 0
|
101
89
|
fail Sodium::LengthError, "Ciphertext is too short", caller
|
102
90
|
end
|
91
|
+
|
92
|
+
check_length(nonce, NONCEBYTES, :Nonce)
|
93
|
+
check_length(key, KEYBYTES, :SecretKey)
|
94
|
+
|
95
|
+
key.readonly if key.is_a?(Sodium::SecretBuffer)
|
96
|
+
if crypto_secretbox_open_easy(ciphertext, ciphertext, ciphertext_len, nonce, key) == -1
|
97
|
+
raise Sodium::CryptoError, "Message forged", caller
|
98
|
+
end
|
99
|
+
|
100
|
+
ciphertext.slice!(message_len..-1)
|
101
|
+
if encoding
|
102
|
+
ciphertext.force_encoding(encoding)
|
103
|
+
end
|
104
|
+
|
105
|
+
ciphertext
|
106
|
+
ensure
|
107
|
+
key.noaccess if key.is_a?(Sodium::SecretBuffer)
|
108
|
+
end
|
109
|
+
|
110
|
+
def detached(message, nonce, key)
|
111
|
+
message_len = get_size(message)
|
112
|
+
check_length(nonce, NONCEBYTES, :Nonce)
|
113
|
+
check_length(key, KEYBYTES, :SecretKey)
|
114
|
+
|
115
|
+
ciphertext = zeros(message_len)
|
116
|
+
mac = zeros(MACBYTES)
|
117
|
+
key.readonly if key.is_a?(Sodium::SecretBuffer)
|
118
|
+
crypto_secretbox_easy(ciphertext, mac, message, message_len, nonce, key)
|
119
|
+
|
120
|
+
[ciphertext, mac]
|
121
|
+
ensure
|
122
|
+
key.noaccess if key.is_a?(Sodium::SecretBuffer)
|
123
|
+
end
|
124
|
+
|
125
|
+
def open_detached(ciphertext, mac, nonce, key, encoding = nil)
|
126
|
+
ciphertext_len = get_size(ciphertext)
|
127
|
+
check_length(mac, MACBYTES, :Mac)
|
128
|
+
check_length(nonce, NONCEBYTES, :Nonce)
|
129
|
+
check_length(key, KEYBYTES, :SecretKey)
|
130
|
+
|
131
|
+
decrypted = zeros(ciphertext_len)
|
132
|
+
key.readonly if key.is_a?(Sodium::SecretBuffer)
|
133
|
+
if crypto_secretbox_open_easy(decrypted, ciphertext, mac, ciphertext_len, nonce, key) == -1
|
134
|
+
raise Sodium::CryptoError, "Message forged", caller
|
135
|
+
end
|
136
|
+
|
137
|
+
if encoding
|
138
|
+
decrypted.force_encoding(encoding)
|
139
|
+
end
|
140
|
+
|
141
|
+
decrypted
|
142
|
+
ensure
|
143
|
+
key.noaccess if key.is_a?(Sodium::SecretBuffer)
|
144
|
+
end
|
145
|
+
|
146
|
+
def detached!(message, nonce, key)
|
147
|
+
check_length(nonce, NONCEBYTES, :Nonce)
|
148
|
+
check_length(key, KEYBYTES, :SecretKey)
|
149
|
+
|
150
|
+
mac = zeros(MACBYTES)
|
151
|
+
key.readonly if key.is_a?(Sodium::SecretBuffer)
|
152
|
+
crypto_secretbox_easy(message, message, mac, get_size(message), nonce, key)
|
153
|
+
|
154
|
+
[message, mac]
|
155
|
+
ensure
|
156
|
+
key.noaccess if key.is_a?(Sodium::SecretBuffer)
|
157
|
+
end
|
158
|
+
|
159
|
+
def open_detached!(ciphertext, mac, nonce, key, encoding = nil)
|
160
|
+
check_length(mac, MACBYTES, :Mac)
|
161
|
+
check_length(nonce, NONCEBYTES, :Nonce)
|
162
|
+
check_length(key, KEYBYTES, :SecretKey)
|
163
|
+
|
164
|
+
key.readonly if key.is_a?(Sodium::SecretBuffer)
|
165
|
+
if crypto_secretbox_open_easy(ciphertext, ciphertext, mac, get_size(ciphertext), nonce, key) == -1
|
166
|
+
raise Sodium::CryptoError, "Message forged", caller
|
167
|
+
end
|
168
|
+
|
169
|
+
if encoding && ciphertext.respond_to?(:force_encoding)
|
170
|
+
ciphertext.force_encoding(encoding)
|
171
|
+
end
|
172
|
+
|
173
|
+
ciphertext
|
103
174
|
ensure
|
104
175
|
key.noaccess if key.is_a?(Sodium::SecretBuffer)
|
105
176
|
end
|
data/lib/crypto/sign.rb
CHANGED
@@ -28,6 +28,9 @@ module Crypto
|
|
28
28
|
attach_function :crypto_sign, [:buffer_out, :pointer, :buffer_in, :ulong_long, :buffer_in], :int
|
29
29
|
attach_function :crypto_sign_open, [:buffer_out, :pointer, :buffer_in, :ulong_long, :buffer_in], :int
|
30
30
|
|
31
|
+
attach_function :crypto_sign_detached, [:buffer_out, :pointer, :buffer_in, :ulong_long, :buffer_in], :int
|
32
|
+
attach_function :crypto_sign_verify_detached, [:buffer_in, :buffer_in, :ulong_long, :buffer_in], :int
|
33
|
+
|
31
34
|
module_function
|
32
35
|
|
33
36
|
def keypair
|
@@ -93,11 +96,29 @@ module Crypto
|
|
93
96
|
|
94
97
|
unsealed_message = zeros(sealed_message_len - BYTES)
|
95
98
|
unsealed_message_len = FFI::MemoryPointer.new(:ulong_long)
|
96
|
-
if crypto_sign_open(unsealed_message, unsealed_message_len, sealed_message, sealed_message_len, public_key) ==
|
97
|
-
unsealed_message
|
98
|
-
else
|
99
|
+
if crypto_sign_open(unsealed_message, unsealed_message_len, sealed_message, sealed_message_len, public_key) == -1
|
99
100
|
raise Sodium::CryptoError, "Incorrect signature", caller
|
100
101
|
end
|
102
|
+
|
103
|
+
unsealed_message
|
104
|
+
end
|
105
|
+
|
106
|
+
def detached(message, secret_key)
|
107
|
+
check_length(secret_key, SECRETKEYBYTES, :SecretKey)
|
108
|
+
|
109
|
+
signature = zeros(BYTES)
|
110
|
+
secret_key.readonly if secret_key.is_a?(Sodium::SecretBuffer)
|
111
|
+
crypto_sign_detached(signature, nil, message, get_size(message), secret_key)
|
112
|
+
|
113
|
+
signature
|
114
|
+
ensure
|
115
|
+
secret_key.noaccess if secret_key.is_a?(Sodium::SecretBuffer)
|
116
|
+
end
|
117
|
+
|
118
|
+
def verify_detached(signature, message, public_key)
|
119
|
+
check_length(signature, BYTES, :Signature)
|
120
|
+
|
121
|
+
crypto_sign_verify_detached(signature, message, get_size(message), public_key) == 0
|
101
122
|
end
|
102
123
|
end
|
103
124
|
|
data/lib/crypto/sign/ed25519.rb
CHANGED
@@ -22,13 +22,18 @@ module Crypto
|
|
22
22
|
|
23
23
|
attach_function :publickeybytes, :crypto_sign_ed25519_publickeybytes, [], :size_t
|
24
24
|
attach_function :secretkeybytes, :crypto_sign_ed25519_secretkeybytes, [], :size_t
|
25
|
+
attach_function :seedbytes, :crypto_sign_ed25519_seedbytes, [], :size_t
|
25
26
|
|
26
27
|
PUBLICKEYBYTES = publickeybytes.freeze
|
27
28
|
SECRETKEYBYTES = secretkeybytes.freeze
|
29
|
+
SEEDBYTES = seedbytes.freeze
|
28
30
|
|
29
31
|
attach_function :crypto_sign_ed25519_pk_to_curve25519, [:buffer_out, :buffer_in], :int
|
30
32
|
attach_function :crypto_sign_ed25519_sk_to_curve25519, [:buffer_out, :buffer_in], :int
|
31
33
|
|
34
|
+
attach_function :crypto_sign_ed25519_sk_to_seed, [:buffer_out, :buffer_in], :int
|
35
|
+
attach_function :crypto_sign_ed25519_sk_to_pk, [:buffer_out, :buffer_in], :int
|
36
|
+
|
32
37
|
module_function
|
33
38
|
|
34
39
|
def pk_to_curve25519(public_key)
|
@@ -52,6 +57,30 @@ module Crypto
|
|
52
57
|
ensure
|
53
58
|
secret_key.noaccess if secret_key.is_a?(Sodium::SecretBuffer)
|
54
59
|
end
|
60
|
+
|
61
|
+
def sk_to_seed(secret_key)
|
62
|
+
check_length(secret_key, SECRETKEYBYTES, :SecretKey)
|
63
|
+
|
64
|
+
seed = zeros(SEEDBYTES)
|
65
|
+
secret_key.readonly if secret_key.is_a?(Sodium::SecretBuffer)
|
66
|
+
crypto_sign_ed25519_sk_to_seed(seed, secret_key)
|
67
|
+
|
68
|
+
seed
|
69
|
+
ensure
|
70
|
+
secret_key.noaccess if secret_key.is_a?(Sodium::SecretBuffer)
|
71
|
+
end
|
72
|
+
|
73
|
+
def sk_to_pk(secret_key)
|
74
|
+
check_length(secret_key, SECRETKEYBYTES, :SecretKey)
|
75
|
+
|
76
|
+
public_key = zeros(PUBLICKEYBYTES)
|
77
|
+
secret_key.readonly if secret_key.is_a?(Sodium::SecretBuffer)
|
78
|
+
crypto_sign_ed25519_sk_to_pk(seed, secret_key)
|
79
|
+
|
80
|
+
public_key
|
81
|
+
ensure
|
82
|
+
secret_key.noaccess if secret_key.is_a?(Sodium::SecretBuffer)
|
83
|
+
end
|
55
84
|
end
|
56
85
|
|
57
86
|
Ed25519.freeze
|
data/lib/sodium.rb
CHANGED
@@ -23,35 +23,35 @@ module Sodium
|
|
23
23
|
module_function
|
24
24
|
|
25
25
|
def mlock(addr, len)
|
26
|
-
if sodium_mlock(addr, len) ==
|
27
|
-
true
|
28
|
-
else
|
26
|
+
if sodium_mlock(addr, len) == -1
|
29
27
|
raise MemoryError, "Could not lock length=#{len} bytes memory at address=#{addr.address}", caller
|
30
28
|
end
|
29
|
+
|
30
|
+
true
|
31
31
|
end
|
32
32
|
|
33
33
|
def munlock(addr, len)
|
34
|
-
if sodium_munlock(addr, len) ==
|
35
|
-
true
|
36
|
-
else
|
34
|
+
if sodium_munlock(addr, len) == -1
|
37
35
|
raise MemoryError, "Could not unlock length=#{len} bytes memory at address=#{addr.address}", caller
|
38
36
|
end
|
37
|
+
|
38
|
+
true
|
39
39
|
end
|
40
40
|
|
41
41
|
def malloc(size)
|
42
|
-
|
43
|
-
mem
|
44
|
-
else
|
42
|
+
if (mem = sodium_malloc(size)).null?
|
45
43
|
raise NoMemoryError, "Failed to allocate memory size=#{size} bytes", caller
|
46
44
|
end
|
45
|
+
|
46
|
+
mem
|
47
47
|
end
|
48
48
|
|
49
49
|
def allocarray(count, size)
|
50
|
-
|
51
|
-
mem
|
52
|
-
else
|
50
|
+
if (mem = sodium_allocarray(count, size)).null?
|
53
51
|
raise NoMemoryError, "Failed to allocate memory size=#{count * size} bytes", caller
|
54
52
|
end
|
53
|
+
|
54
|
+
mem
|
55
55
|
end
|
56
56
|
|
57
57
|
def bin2hex(bin)
|
@@ -63,22 +63,21 @@ module Sodium
|
|
63
63
|
def hex2bin(hex, bin_maxlen, ignore = nil)
|
64
64
|
bin = zeros(bin_maxlen)
|
65
65
|
bin_len = FFI::MemoryPointer.new(:size_t)
|
66
|
-
if sodium_hex2bin(bin, bin_maxlen, hex, hex.bytesize, ignore, bin_len, nil) ==
|
67
|
-
size = bin_len.size == 8 ? bin_len.get_uint64(0) : bin_len.get_uint32(0)
|
68
|
-
[bin, size]
|
69
|
-
else
|
66
|
+
if sodium_hex2bin(bin, bin_maxlen, hex, hex.bytesize, ignore, bin_len, nil) == -1
|
70
67
|
raise LengthError, "bin_maxlen=#{bin_maxlen} is too short", caller
|
71
68
|
end
|
69
|
+
size = bin_len.size == 8 ? bin_len.get_uint64(0) : bin_len.get_uint32(0)
|
70
|
+
|
71
|
+
[bin, size]
|
72
72
|
end
|
73
73
|
|
74
74
|
def hex2bin!(hex, bin_maxlen, ignore = nil)
|
75
75
|
bin_len = FFI::MemoryPointer.new(:size_t)
|
76
|
-
if sodium_hex2bin(hex, bin_maxlen, hex, hex.bytesize, ignore, bin_len, nil) ==
|
77
|
-
size = bin_len.size == 8 ? bin_len.get_uint64(0) : bin_len.get_uint32(0)
|
78
|
-
hex.slice!(size..-1)
|
79
|
-
hex
|
80
|
-
else
|
76
|
+
if sodium_hex2bin(hex, bin_maxlen, hex, hex.bytesize, ignore, bin_len, nil) == -1
|
81
77
|
raise LengthError, "bin_maxlen=#{bin_maxlen} is too short", caller
|
82
78
|
end
|
79
|
+
size = bin_len.size == 8 ? bin_len.get_uint64(0) : bin_len.get_uint32(0)
|
80
|
+
hex.slice!(size..-1)
|
81
|
+
hex
|
83
82
|
end
|
84
83
|
end
|
data/lib/sodium/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: ffi-libsodium
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.4.
|
4
|
+
version: 0.4.4
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Hendrik Beskow
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2014-12-
|
11
|
+
date: 2014-12-30 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: ffi
|
@@ -86,7 +86,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
86
86
|
version: '0'
|
87
87
|
requirements: []
|
88
88
|
rubyforge_project:
|
89
|
-
rubygems_version: 2.4.
|
89
|
+
rubygems_version: 2.4.5
|
90
90
|
signing_key:
|
91
91
|
specification_version: 4
|
92
92
|
summary: libsodium ffi wrapper
|