ffi-libsodium 0.0.9 → 0.1.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +1 -1
- data/lib/crypto/aead/chacha20_poly1305.rb +3 -4
- data/lib/crypto/auth.rb +3 -4
- data/lib/crypto/box.rb +13 -7
- data/lib/crypto/generic_hash.rb +6 -9
- data/lib/crypto/one_time_auth.rb +5 -8
- data/lib/crypto/pw_hash/scrypt_salsa208_sha256.rb +8 -13
- data/lib/crypto/scalar_mult.rb +2 -1
- data/lib/crypto/secret_box.rb +5 -5
- data/lib/crypto/short_hash.rb +2 -2
- data/lib/crypto/sign.rb +13 -6
- data/lib/crypto/sign/ed25519.rb +2 -1
- data/lib/random_bytes.rb +1 -1
- data/lib/sodium.rb +5 -5
- data/lib/sodium/buffer.rb +2 -0
- data/lib/sodium/secret_buffer.rb +15 -18
- data/lib/sodium/utils.rb +3 -3
- data/lib/sodium/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: ead53faf6d5782f67d70043e224ded1177881f6d
|
|
4
|
+
data.tar.gz: 51467dd63043a45e209597485caf46994c3ce04e
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 31b2073dbb29f12e2c45ca3a0579888c4062e17d8e24a553a3d00ac4715b0d783f45be3216cc125e11c5b08718345689cb0e00ce90531462537cdabceeaf90c4
|
|
7
|
+
data.tar.gz: 1f3b6439bfd1586bb03433b63228cae955f9f4919d54ccce2542c2c8719c21b372569577ca473f0f809bb7f029dee41b8bed08e51442f5db04407c834b39a3a4
|
data/README.md
CHANGED
|
@@ -14,7 +14,7 @@ require 'libsodium'
|
|
|
14
14
|
password = 'test123'
|
|
15
15
|
|
|
16
16
|
salt = Crypto::PwHash::ScryptSalsa208SHA256.salt
|
|
17
|
-
key = Crypto::PwHash.scryptsalsa208sha256(
|
|
17
|
+
key = Crypto::PwHash.scryptsalsa208sha256(Crypto::Auth::KEYBYTES, password, salt)
|
|
18
18
|
mac = Crypto.auth(password, key)
|
|
19
19
|
|
|
20
20
|
puts Crypto::Auth.verify(mac, password, key)
|
|
@@ -42,13 +42,13 @@ module Crypto
|
|
|
42
42
|
|
|
43
43
|
def encrypt(message, additional_data, nonce, key)
|
|
44
44
|
message_len = get_size(message)
|
|
45
|
-
additional_data_len = get_size(additional_data)
|
|
46
45
|
check_length(nonce, NPUBBYTES, :Nonce)
|
|
47
46
|
check_length(key, KEYBYTES, :SecretKey)
|
|
48
47
|
|
|
49
48
|
ciphertext = Sodium::Buffer.new(:uchar, message_len + ABYTES)
|
|
49
|
+
ciphertext.primitive = PRIMITIVE
|
|
50
50
|
key.readonly if key.is_a?(Sodium::SecretBuffer)
|
|
51
|
-
crypto_aead_chacha20poly1305_encrypt(ciphertext, nil, message, message_len, additional_data,
|
|
51
|
+
crypto_aead_chacha20poly1305_encrypt(ciphertext, nil, message, message_len, additional_data, get_size(additional_data), nil, nonce, key)
|
|
52
52
|
|
|
53
53
|
ciphertext
|
|
54
54
|
ensure
|
|
@@ -59,13 +59,12 @@ module Crypto
|
|
|
59
59
|
unless ((ciphertext_len = get_size(ciphertext)) - ABYTES) > 0
|
|
60
60
|
fail Sodium::LengthError, "Ciphertext is too short", caller
|
|
61
61
|
end
|
|
62
|
-
additional_data_len = get_size(additional_data)
|
|
63
62
|
check_length(nonce, NPUBBYTES, :Nonce)
|
|
64
63
|
check_length(key, KEYBYTES, :SecretKey)
|
|
65
64
|
|
|
66
65
|
decrypted = Sodium::Buffer.new(:uchar, ciphertext_len - ABYTES)
|
|
67
66
|
key.readonly if key.is_a?(Sodium::SecretBuffer)
|
|
68
|
-
|
|
67
|
+
unless crypto_aead_chacha20poly1305_decrypt(decrypted, nil, nil, ciphertext, ciphertext_len, additional_data, get_size(additional_data), nonce, key).zero?
|
|
69
68
|
raise Sodium::CryptoError, "Message forged", caller
|
|
70
69
|
end
|
|
71
70
|
|
data/lib/crypto/auth.rb
CHANGED
|
@@ -24,12 +24,12 @@ module Crypto
|
|
|
24
24
|
module_function
|
|
25
25
|
|
|
26
26
|
def auth(message, key)
|
|
27
|
-
message_len = get_size(message)
|
|
28
27
|
check_length(key, KEYBYTES, :SecretKey)
|
|
29
28
|
|
|
30
29
|
mac = Sodium::Buffer.new(:uchar, BYTES)
|
|
30
|
+
mac.primitive = PRIMITIVE
|
|
31
31
|
key.readonly if key.is_a?(Sodium::SecretBuffer)
|
|
32
|
-
crypto_auth(mac, message,
|
|
32
|
+
crypto_auth(mac, message, get_size(message), key)
|
|
33
33
|
|
|
34
34
|
mac
|
|
35
35
|
ensure
|
|
@@ -38,11 +38,10 @@ module Crypto
|
|
|
38
38
|
|
|
39
39
|
def verify(mac, message, key)
|
|
40
40
|
check_length(mac, BYTES, :Mac)
|
|
41
|
-
message_len = get_size(message)
|
|
42
41
|
check_length(key, KEYBYTES, :SecretKey)
|
|
43
42
|
|
|
44
43
|
key.readonly if key.is_a?(Sodium::SecretBuffer)
|
|
45
|
-
crypto_auth_verify(mac, message,
|
|
44
|
+
crypto_auth_verify(mac, message, get_size(message), key).zero?
|
|
46
45
|
ensure
|
|
47
46
|
key.noaccess if key.is_a?(Sodium::SecretBuffer)
|
|
48
47
|
end
|
data/lib/crypto/box.rb
CHANGED
|
@@ -45,7 +45,9 @@ module Crypto
|
|
|
45
45
|
|
|
46
46
|
def keypair
|
|
47
47
|
public_key = Sodium::Buffer.new(:uchar, PUBLICKEYBYTES)
|
|
48
|
+
public_key.primitive = PRIMITIVE
|
|
48
49
|
secret_key = Sodium::Buffer.new(:uchar, SECRETKEYBYTES)
|
|
50
|
+
secret_key.primitive = PRIMITIVE
|
|
49
51
|
crypto_box_keypair(public_key, secret_key)
|
|
50
52
|
|
|
51
53
|
[public_key, secret_key]
|
|
@@ -55,7 +57,9 @@ module Crypto
|
|
|
55
57
|
check_length(seed, SEEDBYTES, :Seed)
|
|
56
58
|
|
|
57
59
|
public_key = Sodium::Buffer.new(:uchar, PUBLICKEYBYTES)
|
|
60
|
+
public_key.primitive = PRIMITIVE
|
|
58
61
|
secret_key = Sodium::Buffer.new(:uchar, SECRETKEYBYTES)
|
|
62
|
+
secret_key.primitive = PRIMITIVE
|
|
59
63
|
seed.readonly if seed.is_a?(Sodium::SecretBuffer)
|
|
60
64
|
crypto_box_seed_keypair(public_key, secret_key, seed)
|
|
61
65
|
|
|
@@ -66,7 +70,8 @@ module Crypto
|
|
|
66
70
|
|
|
67
71
|
def memory_locked_keypair
|
|
68
72
|
public_key = Sodium::Buffer.new(:uchar, PUBLICKEYBYTES)
|
|
69
|
-
|
|
73
|
+
public_key.primitive = PRIMITIVE
|
|
74
|
+
secret_key = Sodium::SecretBuffer.new(SECRETKEYBYTES, PRIMITIVE)
|
|
70
75
|
crypto_box_keypair(public_key, secret_key)
|
|
71
76
|
secret_key.noaccess
|
|
72
77
|
|
|
@@ -77,7 +82,8 @@ module Crypto
|
|
|
77
82
|
check_length(seed, SEEDBYTES, :Seed)
|
|
78
83
|
|
|
79
84
|
public_key = Sodium::Buffer.new(:uchar, PUBLICKEYBYTES)
|
|
80
|
-
|
|
85
|
+
public_key.primitive = PRIMITIVE
|
|
86
|
+
secret_key = Sodium::SecretBuffer.new(SECRETKEYBYTES, PRIMITIVE)
|
|
81
87
|
seed.readonly if seed.is_a?(Sodium::SecretBuffer)
|
|
82
88
|
crypto_box_seed_keypair(public_key, secret_key, seed)
|
|
83
89
|
secret_key.noaccess
|
|
@@ -94,6 +100,7 @@ module Crypto
|
|
|
94
100
|
check_length(secret_key, SECRETKEYBYTES, :SecretKey)
|
|
95
101
|
|
|
96
102
|
ciphertext = Sodium::Buffer.new(:uchar, message_len + MACBYTES)
|
|
103
|
+
ciphertext.primitive = PRIMITIVE
|
|
97
104
|
secret_key.readonly if secret_key.is_a?(Sodium::SecretBuffer)
|
|
98
105
|
crypto_box_easy(ciphertext, message, message_len, nonce, public_key, secret_key)
|
|
99
106
|
|
|
@@ -110,7 +117,7 @@ module Crypto
|
|
|
110
117
|
|
|
111
118
|
decrypted = Sodium::Buffer.new(:uchar, ciphertext_len - MACBYTES)
|
|
112
119
|
secret_key.readonly if secret_key.is_a?(Sodium::SecretBuffer)
|
|
113
|
-
|
|
120
|
+
unless crypto_box_open_easy(decrypted, ciphertext, ciphertext_len, nonce, public_key, secret_key).zero?
|
|
114
121
|
raise Sodium::CryptoError, "Message forged", caller
|
|
115
122
|
end
|
|
116
123
|
|
|
@@ -125,10 +132,9 @@ module Crypto
|
|
|
125
132
|
check_length(public_key, PUBLICKEYBYTES, :PublicKey)
|
|
126
133
|
check_length(secret_key, SECRETKEYBYTES, :SecretKey)
|
|
127
134
|
|
|
128
|
-
message_len = message.bytesize
|
|
129
135
|
message << zeros(MACBYTES)
|
|
130
136
|
secret_key.readonly if secret_key.is_a?(Sodium::SecretBuffer)
|
|
131
|
-
crypto_box_easy(message, message,
|
|
137
|
+
crypto_box_easy(message, message, get_size(message), nonce, public_key, secret_key)
|
|
132
138
|
|
|
133
139
|
message
|
|
134
140
|
ensure
|
|
@@ -137,7 +143,7 @@ module Crypto
|
|
|
137
143
|
|
|
138
144
|
def open_easy_in_place(data, nonce, public_key, secret_key, utf8 = false)
|
|
139
145
|
ciphertext = get_string(data)
|
|
140
|
-
unless (message_len = ciphertext
|
|
146
|
+
unless (message_len = get_size(ciphertext) - MACBYTES) > 0
|
|
141
147
|
fail Sodium::LengthError, "Ciphertext is too short", caller
|
|
142
148
|
end
|
|
143
149
|
|
|
@@ -146,7 +152,7 @@ module Crypto
|
|
|
146
152
|
check_length(secret_key, SECRETKEYBYTES, :SecretKey)
|
|
147
153
|
|
|
148
154
|
secret_key.readonly if secret_key.is_a?(Sodium::SecretBuffer)
|
|
149
|
-
|
|
155
|
+
unless crypto_box_open_easy(ciphertext, ciphertext, ciphertext.bytesize, nonce, public_key, secret_key).zero?
|
|
150
156
|
raise Sodium::CryptoError, "Message forged", caller
|
|
151
157
|
end
|
|
152
158
|
|
data/lib/crypto/generic_hash.rb
CHANGED
|
@@ -46,7 +46,6 @@ module Crypto
|
|
|
46
46
|
module_function
|
|
47
47
|
|
|
48
48
|
def generichash(message, hash_size = BYTES, key = nil)
|
|
49
|
-
message_len = get_size(message)
|
|
50
49
|
if hash_size > BYTES_MAX ||hash_size < BYTES_MIN
|
|
51
50
|
fail Sodium::LengthError, "Hash size must be between #{BYTES_MIN} and #{BYTES_MAX} bytes, got size=#{hash_size.to_int} bytes", caller
|
|
52
51
|
end
|
|
@@ -62,8 +61,9 @@ module Crypto
|
|
|
62
61
|
end
|
|
63
62
|
|
|
64
63
|
blake2b = Sodium::Buffer.new(:uchar, hash_size)
|
|
64
|
+
blake2b.primitive = PRIMITIVE
|
|
65
65
|
key.readonly if key.is_a?(Sodium::SecretBuffer)
|
|
66
|
-
|
|
66
|
+
unless crypto_generichash(blake2b, hash_size, message, get_size(message), key, key_len).zero?
|
|
67
67
|
raise Sodium::CryptoError
|
|
68
68
|
end
|
|
69
69
|
|
|
@@ -89,9 +89,10 @@ module Crypto
|
|
|
89
89
|
|
|
90
90
|
state = State.new
|
|
91
91
|
blake2b = Sodium::Buffer.new(:uchar, hash_size)
|
|
92
|
+
blake2b.primitive = PRIMITIVE
|
|
92
93
|
key.readonly if key.is_a?(Sodium::SecretBuffer)
|
|
93
94
|
|
|
94
|
-
|
|
95
|
+
unless crypto_generichash_init(state, key, key_len, hash_size).zero?
|
|
95
96
|
raise Sodium::CryptoError
|
|
96
97
|
end
|
|
97
98
|
|
|
@@ -101,17 +102,13 @@ module Crypto
|
|
|
101
102
|
end
|
|
102
103
|
|
|
103
104
|
def update(state, message)
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
if crypto_generichash_update(state, message, message_len) == -1
|
|
105
|
+
unless crypto_generichash_update(state, message, get_size(message)).zero?
|
|
107
106
|
raise Sodium::CryptoError
|
|
108
107
|
end
|
|
109
108
|
end
|
|
110
109
|
|
|
111
110
|
def final(state, blake2b)
|
|
112
|
-
|
|
113
|
-
|
|
114
|
-
if crypto_generichash_final(state, blake2b, blake2b.size) == -1
|
|
111
|
+
unless crypto_generichash_final(state, blake2b, blake2b.size).zero?
|
|
115
112
|
raise Sodium::CryptoError
|
|
116
113
|
end
|
|
117
114
|
|
data/lib/crypto/one_time_auth.rb
CHANGED
|
@@ -33,12 +33,12 @@ module Crypto
|
|
|
33
33
|
module_function
|
|
34
34
|
|
|
35
35
|
def onetimeauth(message, key)
|
|
36
|
-
message_len = get_size(message)
|
|
37
36
|
check_length(key, KEYBYTES, :SecretKey)
|
|
38
37
|
|
|
39
38
|
out = Sodium::Buffer.new(:uchar, BYTES)
|
|
39
|
+
out.primitive = PRIMITIVE
|
|
40
40
|
key.readonly if key.is_a?(Sodium::SecretBuffer)
|
|
41
|
-
crypto_onetimeauth(out, message,
|
|
41
|
+
crypto_onetimeauth(out, message, get_size(message), key)
|
|
42
42
|
|
|
43
43
|
out
|
|
44
44
|
ensure
|
|
@@ -51,9 +51,7 @@ module Crypto
|
|
|
51
51
|
check_length(key, KEYBYTES, :SecretKey)
|
|
52
52
|
|
|
53
53
|
key.readonly if key.is_a?(Sodium::SecretBuffer)
|
|
54
|
-
crypto_onetimeauth_verify(out, message,
|
|
55
|
-
|
|
56
|
-
rc == 0
|
|
54
|
+
crypto_onetimeauth_verify(out, message, get_size(message), key).zero?
|
|
57
55
|
ensure
|
|
58
56
|
key.noaccess if key.is_a?(Sodium::SecretBuffer)
|
|
59
57
|
end
|
|
@@ -71,13 +69,12 @@ module Crypto
|
|
|
71
69
|
end
|
|
72
70
|
|
|
73
71
|
def update(state, message)
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
crypto_onetimeauth_update(state, message, message_len)
|
|
72
|
+
crypto_onetimeauth_update(state, message, get_size(message))
|
|
77
73
|
end
|
|
78
74
|
|
|
79
75
|
def final(state)
|
|
80
76
|
out = Sodium::Buffer.new(:uchar, BYTES)
|
|
77
|
+
out.primitive = PRIMITIVE
|
|
81
78
|
crypto_onetimeauth_final(state, out)
|
|
82
79
|
|
|
83
80
|
out
|
|
@@ -7,7 +7,6 @@ require_relative '../../sodium/secret_buffer'
|
|
|
7
7
|
module Crypto
|
|
8
8
|
module PwHash
|
|
9
9
|
module ScryptSalsa208SHA256
|
|
10
|
-
PACK_C = 'c*'.freeze
|
|
11
10
|
PRIMITIVE = 'scryptsalsa208sha256'.freeze
|
|
12
11
|
|
|
13
12
|
extend FFI::Library
|
|
@@ -50,7 +49,7 @@ module Crypto
|
|
|
50
49
|
end
|
|
51
50
|
|
|
52
51
|
def scryptsalsa208sha256(outlen, passwd, salt, opslimit = OPSLIMIT_INTERACTIVE, memlimit = MEMLIMIT_INTERACTIVE)
|
|
53
|
-
|
|
52
|
+
out = nil
|
|
54
53
|
check_length(salt, SALTBYTES, :Salt)
|
|
55
54
|
if opslimit < OPSLIMIT_INTERACTIVE
|
|
56
55
|
fail Sodium::LengthError, "Opslimit must be at least #{OPSLIMIT_INTERACTIVE}, got #{opslimit.to_int}", caller
|
|
@@ -59,18 +58,17 @@ module Crypto
|
|
|
59
58
|
fail Sodium::LengthError, "Memlimit must be at least #{MEMLIMIT_INTERACTIVE}, got #{memlimit.to_int}", caller
|
|
60
59
|
end
|
|
61
60
|
|
|
62
|
-
out = Sodium::SecretBuffer.new(outlen)
|
|
63
|
-
|
|
64
|
-
out.noaccess
|
|
65
|
-
if rc == -1
|
|
61
|
+
out = Sodium::SecretBuffer.new(outlen, PRIMITIVE)
|
|
62
|
+
unless crypto_pwhash_scryptsalsa208sha256(out, outlen, passwd, get_size(passwd), salt, opslimit, memlimit).zero?
|
|
66
63
|
raise NoMemoryError, "Failed to allocate memory max size=#{memlimit.to_int} bytes", caller
|
|
67
64
|
end
|
|
68
65
|
|
|
69
66
|
out
|
|
67
|
+
ensure
|
|
68
|
+
out.noaccess if out
|
|
70
69
|
end
|
|
71
70
|
|
|
72
71
|
def str(passwd, opslimit = OPSLIMIT_INTERACTIVE, memlimit = MEMLIMIT_INTERACTIVE)
|
|
73
|
-
passwd_len = get_size(passwd)
|
|
74
72
|
if opslimit < OPSLIMIT_INTERACTIVE
|
|
75
73
|
fail Sodium::LengthError, "Opslimit must be at least #{OPSLIMIT_INTERACTIVE}, got #{opslimit.to_int}", caller
|
|
76
74
|
end
|
|
@@ -79,18 +77,15 @@ module Crypto
|
|
|
79
77
|
end
|
|
80
78
|
|
|
81
79
|
hashed_password = FFI::MemoryPointer.new(:char, STRBYTES)
|
|
82
|
-
|
|
80
|
+
unless crypto_pwhash_scryptsalsa208sha256_str(hashed_password, passwd, get_size(passwd), opslimit, memlimit).zero?
|
|
83
81
|
raise NoMemoryError, "Failed to allocate memory max size=#{memlimit.to_int} bytes", caller
|
|
84
82
|
end
|
|
85
83
|
|
|
86
|
-
hashed_password.
|
|
84
|
+
hashed_password.get_string(0)
|
|
87
85
|
end
|
|
88
86
|
|
|
89
87
|
def str_verify(str, passwd)
|
|
90
|
-
|
|
91
|
-
passwd_len = get_size(passwd)
|
|
92
|
-
|
|
93
|
-
crypto_pwhash_scryptsalsa208sha256_str_verify(str, passwd, passwd_len) == 0
|
|
88
|
+
crypto_pwhash_scryptsalsa208sha256_str_verify(str, passwd, get_size(passwd)).zero?
|
|
94
89
|
end
|
|
95
90
|
end
|
|
96
91
|
|
data/lib/crypto/scalar_mult.rb
CHANGED
|
@@ -27,6 +27,7 @@ module Crypto
|
|
|
27
27
|
check_length(secret_key, SCALARBYTES, :SecretKey)
|
|
28
28
|
|
|
29
29
|
public_key = Sodium::Buffer.new(:uchar, BYTES)
|
|
30
|
+
public_key.primitive = PRIMITIVE
|
|
30
31
|
secret_key.readonly if secret_key.is_a?(Sodium::SecretBuffer)
|
|
31
32
|
crypto_scalarmult_base(public_key, secret_key)
|
|
32
33
|
|
|
@@ -39,7 +40,7 @@ module Crypto
|
|
|
39
40
|
check_length(secret_key, SCALARBYTES, :SecretKey)
|
|
40
41
|
check_length(public_key, BYTES, :PublicKey)
|
|
41
42
|
|
|
42
|
-
shared_secret = Sodium::SecretBuffer.new(BYTES)
|
|
43
|
+
shared_secret = Sodium::SecretBuffer.new(BYTES, PRIMITIVE)
|
|
43
44
|
secret_key.readonly if secret_key.is_a?(Sodium::SecretBuffer)
|
|
44
45
|
crypto_scalarmult(shared_secret, secret_key, public_key)
|
|
45
46
|
shared_secret.noaccess
|
data/lib/crypto/secret_box.rb
CHANGED
|
@@ -37,6 +37,7 @@ module Crypto
|
|
|
37
37
|
check_length(key, KEYBYTES, :SecretKey)
|
|
38
38
|
|
|
39
39
|
ciphertext = Sodium::Buffer.new(:uchar, message_len + MACBYTES)
|
|
40
|
+
ciphertext.primitive = PRIMITIVE
|
|
40
41
|
key.readonly if key.is_a?(Sodium::SecretBuffer)
|
|
41
42
|
crypto_secretbox_easy(ciphertext, message, message_len, nonce, key)
|
|
42
43
|
|
|
@@ -53,7 +54,7 @@ module Crypto
|
|
|
53
54
|
decrypted = Sodium::Buffer.new(:uchar, ciphertext_len - MACBYTES)
|
|
54
55
|
key.readonly if key.is_a?(Sodium::SecretBuffer)
|
|
55
56
|
|
|
56
|
-
|
|
57
|
+
unless crypto_secretbox_open_easy(decrypted, ciphertext, ciphertext_len, nonce, key).zero?
|
|
57
58
|
raise Sodium::CryptoError, "Message forged", caller
|
|
58
59
|
end
|
|
59
60
|
|
|
@@ -67,10 +68,9 @@ module Crypto
|
|
|
67
68
|
check_length(nonce, NONCEBYTES, :Nonce)
|
|
68
69
|
check_length(key, KEYBYTES, :SecretKey)
|
|
69
70
|
|
|
70
|
-
message_len = message.bytesize
|
|
71
71
|
message << zeros(MACBYTES)
|
|
72
72
|
key.readonly if key.is_a?(Sodium::SecretBuffer)
|
|
73
|
-
crypto_secretbox_easy(message, message,
|
|
73
|
+
crypto_secretbox_easy(message, message, get_size(message), nonce, key)
|
|
74
74
|
|
|
75
75
|
message
|
|
76
76
|
ensure
|
|
@@ -79,7 +79,7 @@ module Crypto
|
|
|
79
79
|
|
|
80
80
|
def open_easy_in_place(data, nonce, key, utf8 = false)
|
|
81
81
|
ciphertext = get_string(data)
|
|
82
|
-
unless (message_len = ciphertext
|
|
82
|
+
unless (message_len = get_size(ciphertext) - MACBYTES) > 0
|
|
83
83
|
fail Sodium::LengthError, "Ciphertext is too short", caller
|
|
84
84
|
end
|
|
85
85
|
|
|
@@ -87,7 +87,7 @@ module Crypto
|
|
|
87
87
|
check_length(key, KEYBYTES, :SecretKey)
|
|
88
88
|
|
|
89
89
|
key.readonly if key.is_a?(Sodium::SecretBuffer)
|
|
90
|
-
|
|
90
|
+
unless crypto_secretbox_open_easy(ciphertext, ciphertext, ciphertext.bytesize, nonce, key).zero?
|
|
91
91
|
raise Sodium::CryptoError, "Message forged", caller
|
|
92
92
|
end
|
|
93
93
|
|
data/lib/crypto/short_hash.rb
CHANGED
|
@@ -23,12 +23,12 @@ module Crypto
|
|
|
23
23
|
module_function
|
|
24
24
|
|
|
25
25
|
def shorthash(short_data, key)
|
|
26
|
-
short_data_len = get_size(short_data)
|
|
27
26
|
check_length(key, KEYBYTES, :SecretKey)
|
|
28
27
|
|
|
29
28
|
siphash = Sodium::Buffer.new(:uchar, BYTES)
|
|
29
|
+
siphash.primitive = PRIMITIVE
|
|
30
30
|
key.readonly if key.is_a?(Sodium::SecretBuffer)
|
|
31
|
-
crypto_shorthash(siphash, short_data,
|
|
31
|
+
crypto_shorthash(siphash, short_data, get_size(short_data), key)
|
|
32
32
|
|
|
33
33
|
siphash
|
|
34
34
|
ensure
|
data/lib/crypto/sign.rb
CHANGED
|
@@ -26,14 +26,16 @@ module Crypto
|
|
|
26
26
|
attach_function :crypto_sign_keypair, [:buffer_out, :buffer_out], :int, blocking: true
|
|
27
27
|
attach_function :crypto_sign_seed_keypair, [:buffer_out, :buffer_out, :buffer_in], :int, blocking: true
|
|
28
28
|
|
|
29
|
-
attach_function :crypto_sign, [:buffer_out, :
|
|
30
|
-
attach_function :crypto_sign_open, [:buffer_out, :
|
|
29
|
+
attach_function :crypto_sign, [:buffer_out, :pointer, :buffer_in, :ulong_long, :buffer_in], :int, blocking: true
|
|
30
|
+
attach_function :crypto_sign_open, [:buffer_out, :pointer, :buffer_in, :ulong_long, :buffer_in], :int, blocking: true
|
|
31
31
|
|
|
32
32
|
module_function
|
|
33
33
|
|
|
34
34
|
def keypair
|
|
35
35
|
public_key = Sodium::Buffer.new(:uchar, PUBLICKEYBYTES)
|
|
36
|
+
public_key.primitive = PRIMITIVE
|
|
36
37
|
secret_key = Sodium::Buffer.new(:uchar, SECRETKEYBYTES)
|
|
38
|
+
secret_key.primitive = PRIMITIVE
|
|
37
39
|
crypto_sign_keypair(public_key, secret_key)
|
|
38
40
|
|
|
39
41
|
[public_key, secret_key]
|
|
@@ -43,7 +45,9 @@ module Crypto
|
|
|
43
45
|
check_length(seed, SEEDBYTES, :Seed)
|
|
44
46
|
|
|
45
47
|
public_key = Sodium::Buffer.new(:uchar, PUBLICKEYBYTES)
|
|
48
|
+
public_key.primitive = PRIMITIVE
|
|
46
49
|
secret_key = Sodium::Buffer.new(:uchar, SECRETKEYBYTES)
|
|
50
|
+
secret_key.primitive = PRIMITIVE
|
|
47
51
|
seed.readonly if seed.is_a?(Sodium::SecretBuffer)
|
|
48
52
|
crypto_sign_seed_keypair(public_key, secret_key, seed)
|
|
49
53
|
|
|
@@ -54,7 +58,8 @@ module Crypto
|
|
|
54
58
|
|
|
55
59
|
def memory_locked_keypair
|
|
56
60
|
public_key = Sodium::Buffer.new(:uchar, PUBLICKEYBYTES)
|
|
57
|
-
|
|
61
|
+
public_key.primitive = PRIMITIVE
|
|
62
|
+
secret_key = Sodium::SecretBuffer.new(SECRETKEYBYTES, PRIMITIVE)
|
|
58
63
|
crypto_sign_keypair(public_key, secret_key)
|
|
59
64
|
secret_key.noaccess
|
|
60
65
|
|
|
@@ -65,7 +70,8 @@ module Crypto
|
|
|
65
70
|
check_length(seed, SEEDBYTES, :Seed)
|
|
66
71
|
|
|
67
72
|
public_key = Sodium::Buffer.new(:uchar, PUBLICKEYBYTES)
|
|
68
|
-
|
|
73
|
+
public_key.primitive = PRIMITIVE
|
|
74
|
+
secret_key = Sodium::SecretBuffer.new(SECRETKEYBYTES, PRIMITIVE)
|
|
69
75
|
seed.readonly if seed.is_a?(Sodium::SecretBuffer)
|
|
70
76
|
crypto_sign_seed_keypair(public_key, secret_key, seed)
|
|
71
77
|
secret_key.noaccess
|
|
@@ -80,6 +86,7 @@ module Crypto
|
|
|
80
86
|
check_length(secret_key, SECRETKEYBYTES, :SecretKey)
|
|
81
87
|
|
|
82
88
|
sealed_message = Sodium::Buffer.new(:uchar, message_len + BYTES)
|
|
89
|
+
sealed_message.primitive = PRIMITIVE
|
|
83
90
|
secret_key.readonly if secret_key.is_a?(Sodium::SecretBuffer)
|
|
84
91
|
crypto_sign(sealed_message, nil, message, message_len, secret_key)
|
|
85
92
|
|
|
@@ -93,8 +100,8 @@ module Crypto
|
|
|
93
100
|
check_length(public_key, PUBLICKEYBYTES, :PublicKey)
|
|
94
101
|
|
|
95
102
|
unsealed_message = Sodium::Buffer.new(:uchar, sealed_message_len - BYTES)
|
|
96
|
-
unsealed_message_len = FFI::MemoryPointer.new(:
|
|
97
|
-
|
|
103
|
+
unsealed_message_len = FFI::MemoryPointer.new(:pointer)
|
|
104
|
+
unless crypto_sign_open(unsealed_message, unsealed_message_len, sealed_message, sealed_message_len, public_key).zero?
|
|
98
105
|
raise Sodium::CryptoError, "Incorrect signature", caller
|
|
99
106
|
end
|
|
100
107
|
|
data/lib/crypto/sign/ed25519.rb
CHANGED
|
@@ -47,10 +47,11 @@ module Crypto
|
|
|
47
47
|
curve25519_sk = Sodium::SecretBuffer.new(ScalarMult::BYTES)
|
|
48
48
|
secret_key.readonly if secret_key.is_a?(Sodium::SecretBuffer)
|
|
49
49
|
crypto_sign_ed25519_sk_to_curve25519(curve25519_sk, secret_key)
|
|
50
|
-
secret_key.noaccess if secret_key.is_a?(Sodium::SecretBuffer)
|
|
51
50
|
curve25519_sk.noaccess
|
|
52
51
|
|
|
53
52
|
curve25519_sk
|
|
53
|
+
ensure
|
|
54
|
+
secret_key.noaccess if secret_key.is_a?(Sodium::SecretBuffer)
|
|
54
55
|
end
|
|
55
56
|
end
|
|
56
57
|
end
|
data/lib/random_bytes.rb
CHANGED
data/lib/sodium.rb
CHANGED
|
@@ -24,13 +24,13 @@ module Sodium
|
|
|
24
24
|
module_function
|
|
25
25
|
|
|
26
26
|
def mlock(addr, len)
|
|
27
|
-
|
|
27
|
+
unless sodium_mlock(addr, len).zero?
|
|
28
28
|
raise MemoryError, "Could not lock length=#{len.to_int} bytes memory at address=#{addr.address}", caller
|
|
29
29
|
end
|
|
30
30
|
end
|
|
31
31
|
|
|
32
32
|
def munlock(addr, len)
|
|
33
|
-
|
|
33
|
+
unless sodium_munlock(addr, len).zero?
|
|
34
34
|
raise MemoryError, "Could not unlock length=#{len.to_int} bytes memory at address=#{addr.address}", caller
|
|
35
35
|
end
|
|
36
36
|
end
|
|
@@ -50,19 +50,19 @@ module Sodium
|
|
|
50
50
|
end
|
|
51
51
|
|
|
52
52
|
def noaccess(ptr)
|
|
53
|
-
|
|
53
|
+
unless sodium_mprotect_noaccess(ptr).zero?
|
|
54
54
|
raise MemoryError, "Memory at address=#{ptr.address} is not secured with #{self}.malloc", caller
|
|
55
55
|
end
|
|
56
56
|
end
|
|
57
57
|
|
|
58
58
|
def readonly(ptr)
|
|
59
|
-
|
|
59
|
+
unless sodium_mprotect_readonly(ptr).zero?
|
|
60
60
|
raise MemoryError, "Memory at address=#{ptr.address} is not secured with #{self}.malloc", caller
|
|
61
61
|
end
|
|
62
62
|
end
|
|
63
63
|
|
|
64
64
|
def readwrite(ptr)
|
|
65
|
-
|
|
65
|
+
unless sodium_mprotect_readwrite(ptr).zero?
|
|
66
66
|
raise MemoryError, "Memory at address=#{ptr.address} is not secured with #{self}.malloc", caller
|
|
67
67
|
end
|
|
68
68
|
end
|
data/lib/sodium/buffer.rb
CHANGED
data/lib/sodium/secret_buffer.rb
CHANGED
|
@@ -7,53 +7,50 @@ module Sodium
|
|
|
7
7
|
class SecretBuffer
|
|
8
8
|
extend Forwardable
|
|
9
9
|
|
|
10
|
-
|
|
10
|
+
attr_reader :size, :primitive, :to_ptr
|
|
11
|
+
def_delegators :to_ptr, :address, :to_i
|
|
11
12
|
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
def initialize(size)
|
|
13
|
+
def initialize(size, primitive = nil)
|
|
15
14
|
@size = Utils.get_int(size)
|
|
16
|
-
@
|
|
15
|
+
@primitive = primitive
|
|
16
|
+
@to_ptr = Sodium.malloc(self.size)
|
|
17
17
|
setup_finalizer
|
|
18
18
|
end
|
|
19
19
|
|
|
20
|
-
def to_ptr
|
|
21
|
-
@buffer
|
|
22
|
-
end
|
|
23
|
-
|
|
24
20
|
def free
|
|
25
21
|
remove_finalizer
|
|
26
22
|
readwrite
|
|
27
|
-
Sodium.free(
|
|
28
|
-
@size = @
|
|
23
|
+
Sodium.free(to_ptr)
|
|
24
|
+
@size = @primitive = @to_ptr = nil
|
|
29
25
|
end
|
|
30
26
|
|
|
31
27
|
def noaccess
|
|
32
|
-
Sodium.noaccess(
|
|
28
|
+
Sodium.noaccess(to_ptr)
|
|
33
29
|
end
|
|
34
30
|
|
|
35
31
|
def readonly
|
|
36
|
-
Sodium.readonly(
|
|
32
|
+
Sodium.readonly(to_ptr)
|
|
37
33
|
end
|
|
38
34
|
|
|
39
35
|
def readwrite
|
|
40
|
-
Sodium.readwrite(
|
|
36
|
+
Sodium.readwrite(to_ptr)
|
|
41
37
|
end
|
|
42
38
|
|
|
43
39
|
private
|
|
44
40
|
|
|
45
41
|
def setup_finalizer
|
|
46
|
-
ObjectSpace.define_finalizer(
|
|
42
|
+
ObjectSpace.define_finalizer(to_ptr, self.class.free(to_ptr.address))
|
|
47
43
|
end
|
|
48
44
|
|
|
49
45
|
def remove_finalizer
|
|
50
|
-
ObjectSpace.undefine_finalizer
|
|
46
|
+
ObjectSpace.undefine_finalizer to_ptr
|
|
51
47
|
end
|
|
52
48
|
|
|
53
49
|
def self.free(address)
|
|
54
50
|
->(obj_id) do
|
|
55
|
-
|
|
56
|
-
Sodium.
|
|
51
|
+
ptr = FFI::Pointer.new(address)
|
|
52
|
+
Sodium.readwrite(ptr)
|
|
53
|
+
Sodium.free(ptr)
|
|
57
54
|
true
|
|
58
55
|
end
|
|
59
56
|
end
|
data/lib/sodium/utils.rb
CHANGED
|
@@ -36,15 +36,15 @@ module Sodium
|
|
|
36
36
|
string
|
|
37
37
|
elsif string.respond_to?(:to_str)
|
|
38
38
|
string.to_str
|
|
39
|
-
elsif string.respond_to?(:
|
|
40
|
-
string.
|
|
39
|
+
elsif string.respond_to?(:get_string)
|
|
40
|
+
string.get_string(0)
|
|
41
41
|
else
|
|
42
42
|
fail ArgumentError, "#{string.class} is not a String", caller
|
|
43
43
|
end
|
|
44
44
|
end
|
|
45
45
|
|
|
46
46
|
def get_int(int)
|
|
47
|
-
if int.is_a?(
|
|
47
|
+
if int.is_a?(Fixnum)
|
|
48
48
|
int
|
|
49
49
|
elsif int.respond_to?(:to_int)
|
|
50
50
|
int.to_int
|
data/lib/sodium/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: ffi-libsodium
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.1.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Hendrik Beskow
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2014-
|
|
11
|
+
date: 2014-12-06 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: ffi
|