RubyGems - rbnacl-libsodium - Versions diffs - 1.0.10 → 1.0.11 - Mend

rbnacl-libsodium 1.0.10 → 1.0.11

Files changed (124) hide show

data/vendor/libsodium/examples/box_detached.c DELETED

@@ -1,134 +0,0 @@
-/*
- * GraxRabble
- * example programs for libsodium.
- */
-#include <sodium.h> /* library header */
-#include "utils.h" /* utility functions shared by examples */
-/*
- * Using public-key authenticated encryption, Bob can encrypt a
- * confidential message specifically for Alice, using Alice's public
- * key.
- *
- * Using Bob's public key, Alice can verify that the encrypted
- * message was actually created by Bob and was not tampered with,
- * before eventually decrypting it.
- *
- * Alice only needs Bob's public key, the nonce and the ciphertext.
- * Bob should never ever share his secret key, even with Alice.
- *
- * And in order to send messages to Alice, Bob only needs Alice's
- * public key. Alice should never ever share her secret key either,
- * even with Bob.
- *
- * Alice can reply to Bob using the same system, without having to
- * generate a distinct key pair.
- *
- * The nonce doesn't have to be confidential, but it should be used
- * with just one invokation of crypto_box_open_easy() for a
- * particular pair of public and secret keys.
- *
- * One easy way to generate a nonce is to use randombytes_buf(),
- * considering the size of nonces the risk of any random collisions
- * is negligible. For some applications, if you wish to use nonces to
- * detect missing messages or to ignore replayed messages, it is also
- * ok to use a simple incrementing counter as a nonce.
- *
- * When doing so you must ensure that the same value can never be
- * re-used (for example you may have multiple threads or even hosts
- * generating messages using the same key pairs).
- *
- * This system provides mutual authentication. However, a typical use
- * case is to secure communications between a server, whose public
- * key is known in advance, and clients connecting anonymously.
- */
-static int
-box_detached(void)
-{
-    unsigned char bob_pk[crypto_box_PUBLICKEYBYTES]; /* Bob's public key */
-    unsigned char bob_sk[crypto_box_SECRETKEYBYTES]; /* Bob's secret key */
-    unsigned char alice_pk[crypto_box_PUBLICKEYBYTES]; /* Alice's public key */
-    unsigned char alice_sk[crypto_box_SECRETKEYBYTES]; /* Alice's secret key */
-    unsigned char nonce[crypto_box_NONCEBYTES];
-    unsigned char message[MAX_INPUT_LEN];
-    unsigned char mac[crypto_box_MACBYTES];
-    unsigned char ciphertext[MAX_INPUT_LEN];
-    size_t        message_len;
-    int           ret;
-    puts("Example: crypto_box_detached\n");
-    puts("Generating keypairs...\n");
-    crypto_box_keypair(bob_pk, bob_sk);     /* generate Bob's keys */
-    crypto_box_keypair(alice_pk, alice_sk); /* generate Alice's keys */
-    puts("Bob");
-    printf("Public key: ");
-    print_hex(bob_pk, sizeof bob_pk);
-    printf("Secret key: ");
-    print_hex(bob_sk, sizeof bob_sk);
-    puts("Alice");
-    printf("Public key: ");
-    print_hex(alice_pk, sizeof alice_pk);
-    printf("Secret key: ");
-    print_hex(alice_sk, sizeof alice_sk);
-    /* nonce must be unique per (key, message) - it can be public and deterministic */
-    puts("Generating nonce...");
-    randombytes_buf(nonce, sizeof nonce);
-    printf("Nonce: ");
-    print_hex(nonce, sizeof nonce);
-    /* read input */
-    message_len = prompt_input("a message", (char*)message, sizeof message, 1);
-    print_hex(message, message_len);
-    /* encrypt and authenticate the message */
-    printf("Encrypting and authenticating with %s\n\n", crypto_box_primitive());
-    if (crypto_box_detached(ciphertext, mac, message, message_len, nonce,
-                            alice_pk, bob_sk) != 0) {
-        abort();
-    }
-    /* send the nonce, the MAC and the ciphertext */
-    puts("Bob sends the nonce, the MAC and the ciphertext...\n");
-    printf("Nonce: ");
-    print_hex(nonce, sizeof nonce);
-    printf("MAC: ");
-    print_hex(mac, sizeof mac);
-    printf("Ciphertext: ");
-    print_hex(ciphertext, message_len);
-    /* decrypt the message */
-    puts("Alice verifies the MAC and decrypts the ciphertext...");
-    ret = crypto_box_open_detached(message, ciphertext, mac, message_len, nonce,
-                                   bob_pk, alice_sk);
-    print_hex(message, message_len);
-    print_verification(ret);
-    if (ret == 0) {
-        printf("Plaintext: ");
-        fwrite(message, 1U, message_len, stdout);
-        putchar('\n');
-    }
-    sodium_memzero(bob_sk, sizeof bob_sk); /* wipe sensitive data */
-    sodium_memzero(alice_sk, sizeof alice_sk);
-    sodium_memzero(message, sizeof message);
-    sodium_memzero(ciphertext, sizeof ciphertext);
-    return ret;
-}
-int
-main(void)
-{
-    init();
-    return box_detached() != 0;
-}

data/vendor/libsodium/examples/generichash.c DELETED

@@ -1,80 +0,0 @@
-/*
- * GraxRabble
- * example programs for libsodium.
- */
-#include <sodium.h> /* library header */
-#include "utils.h" /* utility functions shared by examples */
-/*
- * This function computes a fixed-length fingerprint for an arbitrary long message.
- *
- * Sample use cases:
- *
- * File integrity checking
- * Creating unique identifiers to index arbitrary long data
- *
- * The crypto_generichash() function puts a fingerprint of the
- * message in whose length is inlen bytes into out. The output size
- * can be chosen by the application.
- *
- * The minimum recommended output size is crypto_generichash_BYTES.
- * This size makes it practically impossible for two messages to
- * produce the same fingerprint.
- *
- * But for specific use cases, the size can be any value between
- * crypto_generichash_BYTES_MIN (included) and
- * crypto_generichash_BYTES_MAX (included).
- *
- * key can be NULL and keylen can be 0. In this case, a message will
- * always have the same fingerprint, similar to the MD5 or SHA-1
- * functions for which crypto_generichash() is a faster and more
- * secure alternative.
- *
- * But a key can also be specified. A message will always have the
- * same fingerprint for a given key, but different keys used to hash
- * the same message are very likely to produce distinct fingerprints.
- *
- * In particular, the key can be used to make sure that different
- * applications generate different fingerprints even if they process
- * the same data.
- *
- * The recommended key size is crypto_generichash_KEYBYTES bytes.
- *
- * However, the key size can by any value between
- * crypto_generichash_KEYBYTES_MIN (included) and
- * crypto_generichash_KEYBYTES_MAX (included).
- */
-void
-generichash(void)
-{
-    unsigned char key[crypto_generichash_KEYBYTES_MAX];
-    unsigned char hash[crypto_generichash_BYTES];
-    unsigned char message[MAX_INPUT_LEN];
-    size_t        message_len;
-    size_t        key_len;
-    puts("Example: crypto_generichash\n");
-    key_len = prompt_input("a key", (char*)key, sizeof key, 1);
-    message_len = prompt_input("a message", (char*)message, sizeof message, 1);
-    printf("Hashing message with %s\n", crypto_generichash_primitive());
-    if (crypto_generichash(hash, sizeof hash, message, message_len,
-                           key, key_len) != 0) {
-        puts("Couldn't hash the message, probably due to the key length");
-    } else {
-        printf("Hash: ");
-        print_hex(hash, sizeof hash);
-    }
-}
-int
-main(void)
-{
-    init();
-    generichash();
-    return 0;
-}

data/vendor/libsodium/examples/generichash_stream.c DELETED

@@ -1,58 +0,0 @@
-/*
- * GraxRabble
- * example programs for libsodium.
- */
-#include <sodium.h> /* library header */
-#include "utils.h" /* utility functions shared by examples */
-/*
- * Streaming variant of generic hash. This has the ability to hash
- * data in chunks at a time and compute the same result as hashing
- * all of the data at once.
- */
-void
-generichash_stream(void)
-{
-    unsigned char            key[crypto_generichash_KEYBYTES_MAX];
-    unsigned char            hash[crypto_generichash_BYTES];
-    unsigned char            message_part[MAX_INPUT_LEN];
-    crypto_generichash_state state;
-    size_t                   message_part_len;
-    puts("Example: crypto_generichashstream\n");
-    prompt_input("a key", (char*)key, sizeof key, 1);
-    printf("Hashing message with %s\n", crypto_generichash_primitive());
-    /* initialize the stream */
-    if (crypto_generichash_init(&state, key, sizeof key, sizeof hash) != 0) {
-        puts("Couldn't hash the message, probably due to the key length");
-        exit(EXIT_FAILURE);
-    }
-    for(;;) {
-        message_part_len = prompt_input("the next part of the message",
-                                        (char*)message_part, sizeof message_part, 1);
-        if (message_part_len == 0)
-            break;
-        /* keep appending data */
-        crypto_generichash_update(&state, message_part, message_part_len);
-    }
-    crypto_generichash_final(&state, hash, sizeof hash);
-    printf("Hash: ");
-    print_hex(hash, sizeof hash);
-}
-int
-main(void)
-{
-    init();
-    generichash_stream();
-    return 0;
-}

data/vendor/libsodium/examples/shorthash.c DELETED

@@ -1,58 +0,0 @@
-/*
- * GraxRabble
- * example programs for libsodium.
- */
-#include <sodium.h> /* library header */
-#include "utils.h" /* utility functions shared by examples */
-/*
- * Many applications and programming language implementations were
- * recently found to be vulnerable to denial-of-service attacks when
- * a hash function with weak security guarantees, such as Murmurhash
- * 3, was used to construct a hash table.
- *
- * In order to address this, Sodium provides the crypto_shorthash()
- * function, which outputs short but unpredictable (without knowing
- * the secret key) values suitable for picking a list in a hash table
- * for a given key.
- *
- * This function is optimized for short inputs.
- *
- * The output of this function is only 64 bits. Therefore, it should
- * not be considered collision-resistant.
- *
- * Use cases:
- *
- * - Hash tables
- * - Probabilistic data structures such as Bloom filters
- * - Integrity checking in interactive protocols
- */
-void
-shorthash(void)
-{
-    unsigned char key[crypto_shorthash_KEYBYTES];
-    unsigned char hash[crypto_shorthash_BYTES];
-    unsigned char message[MAX_INPUT_LEN];
-    size_t        message_len;
-    puts("Example: crypto_shorthash\n");
-    prompt_input("a key", (char*)key, sizeof key, 0);
-    message_len = prompt_input("a message", (char*)message, sizeof message, 1);
-    printf("Hashing the message with %s\n", crypto_shorthash_primitive());
-    crypto_shorthash(hash, message, message_len, key);
-    printf("Hash: ");
-    print_hex(hash, sizeof hash);
-}
-int
-main(void)
-{
-    init();
-    shorthash();
-    return 0;
-}

data/vendor/libsodium/examples/sign.c DELETED

@@ -1,78 +0,0 @@
-/*
- * GraxRabble
- * example programs for libsodium.
- */
-#include <sodium.h> /* library header */
-#include "utils.h" /* utility functions shared by examples */
-/*
- * Signs a message with secret key which will authenticate a message.
- * Everybody else can use the public key to ensure that the message is both
- * valid and untampered.
- *
- * Note that the signed message will have 16 bytes of signature prepended.
- * Ensure that the signed buffer is at least crypto_sign_BYTES longer then
- * the actual message.
- */
-static int
-sign(void)
-{
-    unsigned char      pk[crypto_sign_PUBLICKEYBYTES]; /* Bob's public key */
-    unsigned char      sk[crypto_sign_SECRETKEYBYTES]; /* Bob's secret key */
-    unsigned char      message[MAX_INPUT_LEN];
-    unsigned char      message_signed[crypto_sign_BYTES + MAX_INPUT_LEN];
-    unsigned long long message_len;
-    unsigned long long message_signed_len;
-    int                ret;
-    puts("Example: crypto_sign\n");
-    puts("Generating keypair...");
-    crypto_sign_keypair(pk, sk); /* generate Bob's keys */
-    printf("Public key: ");
-    print_hex(pk, sizeof pk);
-    printf("Secret key: ");
-    print_hex(sk, sizeof sk);
-    puts("The secret key, as returned by crypto_sign_keypair(), actually includes "
-         "a copy of the public key, in order to avoid a scalar multiplication "
-         "when signing messages.");
-    message_len = prompt_input("a message", (char*)message, sizeof message, 1);
-    printf("Signing message with %s...\n", crypto_sign_primitive());
-    crypto_sign(message_signed, &message_signed_len, message, message_len, sk);
-    sodium_memzero(sk, sizeof sk); /* wipe sensitive data */
-    printf("Signed message:");
-    print_hex(message_signed, message_signed_len);
-    printf("A %u bytes signature was prepended to the message\n",
-           crypto_sign_BYTES);
-    printf("Signature: ");
-    print_hex(message_signed, crypto_sign_BYTES);
-    printf("Message: ");
-    fwrite(message_signed + crypto_sign_BYTES, 1U,
-           message_signed_len - crypto_sign_BYTES, stdout);
-    putchar('\n');
-    puts("Validating message...");
-    ret = crypto_sign_open(message, &message_len, message_signed,
-                           message_signed_len, pk);
-    print_verification(ret);
-    if (ret == 0)
-        printf("Message: %s\n", message);
-    return ret;
-}
-int
-main(void)
-{
-    init();
-    return sign() != 0;
-}

data/vendor/libsodium/examples/utils.h DELETED

@@ -1,110 +0,0 @@
-/*
- * Utility functions shared by all the demo programs.
- */
-#ifndef UTILS_H
-#define UTILS_H
-#include <limits.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sodium.h>
-#define MAX_INPUT_LEN 4096
-/*
- * print_hex() is a wrapper around sodium_bin2hex() which allocates
- * temporary memory then immediately prints the result followed by \n
- */
-static void
-print_hex(const void *bin, const size_t bin_len)
-{
-    char   *hex;
-    size_t  hex_size;
-    if (bin_len >= SIZE_MAX / 2) {
-        abort();
-    }
-    hex_size = bin_len * 2 + 1;
-    if ((hex = malloc(hex_size)) == NULL) {
-        abort();
-    }
-    /* the library supplies a few utility functions like the one below */
-    if (sodium_bin2hex(hex, hex_size, bin, bin_len) == NULL) {
-        abort();
-    }
-    puts(hex);
-    free(hex);
-}
-/*
- * Display a prompt for input by user. It will save the input into a buffer
- * of a specific size with room for the null terminator while removing
- * trailing newline characters.
- */
-static size_t
-prompt_input(const char *prompt, char *input, const size_t max_input_len,
-             int variable_length)
-{
-    char   input_tmp[MAX_INPUT_LEN + 1U];
-    size_t actual_input_len;
-    if (variable_length != 0) {
-        printf("\nEnter %s (%zu bytes max) > ", prompt, max_input_len);
-    } else {
-        printf("\nEnter %s (%zu bytes) > ", prompt, max_input_len);
-    }
-    fflush(stdout);
-    if (fgets(input_tmp, sizeof input_tmp, stdin) == NULL) {
-        input_tmp[0] = '\0';
-    }
-    actual_input_len = strlen(input_tmp);
-    /* trim \n */
-    if (actual_input_len > 0 && input_tmp[actual_input_len - 1] == '\n') {
-        input_tmp[actual_input_len - 1] = '\0';
-        --actual_input_len;
-    }
-    if (actual_input_len > max_input_len) {
-        printf("Warning: truncating input to %zu bytes\n\n", max_input_len);
-        actual_input_len = max_input_len;
-    } else if (actual_input_len < max_input_len && variable_length == 0) {
-        printf("Warning: %zu bytes expected, %zu bytes given: padding with zeros\n\n",
-               max_input_len, actual_input_len);
-        memset(input, 0, max_input_len);
-    } else {
-        printf("Length: %zu bytes\n\n", actual_input_len);
-    }
-    memcpy(input, input_tmp, actual_input_len);
-    if (variable_length == 0) {
-        return max_input_len;
-    } else {
-        return actual_input_len;
-    }
-}
-/*
- * Display whether the function was sucessful or failed.
- */
-static void
-print_verification(int ret)
-{
-    if (ret == 0)
-        puts("Success!\n");
-    else
-        puts("Failure.\n");
-}
-static void
-init(void)
-{
-    if (sodium_init() != 0) {
-        abort();
-    }
-    printf("Using libsodium %s\n", sodium_version_string());
-}
-#endif /* UTILS_H */