rbnacl 1.0.0.pre

data/lib/rbnacl/rake_tasks.rb

@@ -0,0 +1,56 @@
+# encoding: binary
+require 'rake'
+require 'rake/clean'
+require 'digest/sha2'
+
+LIBSODIUM_VERSION = "0.2"
+
+def sh_hidden(command)
+  STDERR.puts("*** Executing: #{command}")
+  output = `#{command}`
+
+  if !$?.success?
+    STDERR.puts "!!! Error executing: #{command}"
+    STDERR.puts output
+    exit 1
+  end
+end
+
+libsodium_tarball = "libsodium-#{LIBSODIUM_VERSION}.tar.gz"
+
+file libsodium_tarball do
+  sh "curl -O http://download.dnscrypt.org/libsodium/releases/libsodium-#{LIBSODIUM_VERSION}.tar.gz"
+
+  digest = Digest::SHA256.hexdigest(File.read(libsodium_tarball))
+  if digest != "e99a6b69adc080a5acf6b8a49fdc74b61d6f3579b590e85c93446a8325dde100"
+    rm libsodium_tarball
+    raise "#{libsodium_tarball} failed checksum!"
+  end
+end
+
+file "libsodium" => "libsodium-#{LIBSODIUM_VERSION}.tar.gz" do
+  sh "tar xzf libsodium-#{LIBSODIUM_VERSION}.tar.gz"
+  mv "libsodium-#{LIBSODIUM_VERSION}", "libsodium"
+end
+
+file "libsodium/Makefile" => "libsodium" do
+  sh_hidden "cd libsodium && ./configure"
+end
+
+file "libsodium/src/libsodium/.libs/libsodium.a" => "libsodium/Makefile" do
+  sh_hidden "cd libsodium && make"
+end
+
+if `uname` == 'Darwin'
+  libsodium_lib = "libsodium.bundle"
+else
+  libsodium_lib = "libsodium.so"
+end
+
+file "libsodium/src/libsodium/.libs/#{libsodium_lib}" => "libsodium/src/libsodium/.libs/libsodium.a"
+
+task :build_libsodium => "libsodium/src/libsodium/.libs/#{libsodium_lib}" do
+  $LIBSODIUM_PATH = "libsodium/src/libsodium/.libs/#{libsodium_lib}"
+end
+
+CLEAN.add "libsodium", "libsodium-*.tar.gz"

data/lib/rbnacl/random.rb

@@ -0,0 +1,19 @@
+# encoding: binary
+module Crypto
+  # Functions for random number generation
+  #
+  # This uses the underlying source of random number generation on the OS, so
+  # /dev/urandom on UNIX-like systems, and the MS crypto providor on windows.
+  module Random
+    # Returns a string of random bytes
+    #
+    # @param [Integer] n number of random bytes desired
+    #
+    # @return [String] random bytes.
+    def self.random_bytes(n=32)
+      buf = Crypto::Util.zeros(n)
+      NaCl.random_bytes(buf, n)
+      buf
+    end
+  end
+end

data/lib/rbnacl/random_nonce_box.rb

@@ -0,0 +1,109 @@
+# encoding: binary
+module Crypto
+  # The simplest nonce strategy that could possibly work
+  #
+  # This class implements the simplest possible nonce generation strategy to
+  # wrap a Crypto::Box or Crypto::SecretBox.  A 24-byte random nonce is used
+  # for the encryption and is prepended to the message.  When it is time to
+  # open the box, the message is split into nonce and ciphertext, and then the
+  # box is decrypted.
+  #
+  # Thanks to the size of the nonce, the chance of a collision is neglible.  For
+  # example, after encrypting 2^64 messages, the odds of their having been
+  # repeated nonce is approximately 2^-64.  As an additional convenience, the
+  # ciphertexts may be encoded or decoded by any of the encoders implemented in
+  # the library.
+  #
+  # The resulting ciphertexts are 40 bytes longer than the plain text (24 byte
+  # nonce plus a 16 byte authenticator).  This might be annoying if you're
+  # encrypting tweets, but for files represents a fairly small overhead.
+  #
+  # Some caveats:
+  #
+  # * If your random source is broken, so is the security of the messages.  You
+  #   have bigger problems than just this library at that point, but it's worth
+  #   saying.
+  # * The confidentiality of your messages is assured with this strategy, but
+  #   there is no protection against messages being reordered and replayed by an
+  #   active adversary.
+  class RandomNonceBox
+    # the size of the nonce
+    NONCEBYTES = NaCl::NONCEBYTES
+
+    # Create a new RandomNonceBox
+    #
+    # @param box [SecretBox, Box] the SecretBox or Box to use.
+    #
+    # @return [RandomNonceBox] Ready for use
+    def initialize(box)
+      @box = box
+    end
+
+    # Use a secret key to create a RandomNonceBox
+    #
+    # This is a convenience method.  It takes a secret key and instantiates a
+    # SecretBox under the hood, then returns the new RandomNonceBox.
+    #
+    # @param secret_key [String] The secret key, 32 bytes long.
+    #
+    # @return [RandomNonceBox] Ready for use
+    def self.from_secret_key(secret_key)
+      new(SecretBox.new(secret_key))
+    end
+
+    # Use a pair of keys to create a RandomNonceBox
+    #
+    # This is a convenience method.  It takes a pair of keys and instantiates a
+    # Box under the hood, then returns the new RandomNonceBox.
+    #
+    # @param private_key [PrivateKey, String] The RbNaCl private key, as class or string
+    # @param public_key  [PublicKey,  String] The RbNaCl public key, as class or string
+    #
+    # @return [RandomNonceBox] Ready for use
+    def self.from_keypair(private_key, public_key)
+      new(Box.new(private_key, public_key))
+    end
+
+    # Encrypts the message with a random nonce
+    #
+    # Encrypts the message with a random nonce, then returns the ciphertext with
+    # the nonce prepended.  Optionally encodes the message using an encoder.
+    #
+    # @param message [String] The message to encrypt
+    # @param encoding [Symbol] Optional encoding for the returned ciphertext
+    #
+    # @return [String] The enciphered message
+    def box(message, encoding = :raw)
+      nonce = generate_nonce
+      cipher_text = @box.box(nonce, message)
+      Encoder[encoding].encode(nonce + cipher_text)
+    end
+
+    # Decrypts the ciphertext with a random nonce
+    #
+    # Takes a ciphertext, optionally decodes it, then splits the nonce off the
+    # front and uses this to decrypt.  Returns the message.
+    #
+    # @param enciphered_message [String] The message to decrypt.
+    # @param encoding [Symbol] Optional decoding for the returned ciphertext
+    #
+    # @raise [CryptoError] If the message has been tampered with.
+    #
+    # @return [String] The decoded message
+    def open(enciphered_message, encoding = :raw)
+      decoded = Encoder[encoding].decode(enciphered_message)
+      nonce, ciphertext = *extract_nonce(decoded)
+      @box.open(nonce, ciphertext)
+    end
+
+    private
+    def generate_nonce
+      Random.random_bytes(NONCEBYTES)
+    end
+
+    def extract_nonce(bytes)
+      nonce = bytes.slice!(0, NONCEBYTES)
+      [nonce, bytes]
+    end
+  end
+end

data/lib/rbnacl/secret_box.rb

@@ -0,0 +1,86 @@
+# encoding: binary
+module Crypto
+  # The SecretBox class boxes and unboxes messages
+  #
+  # This class uses the given secret key to encrypt and decrypt messages.
+  #
+  # It is VITALLY important that the nonce is a nonce, i.e. it is a number used
+  # only once for any given pair of keys.  If you fail to do this, you
+  # compromise the privacy of the messages encrypted. Give your nonces a
+  # different prefix, or have one side use an odd counter and one an even counter.
+  # Just make sure they are different.
+  #
+  # The ciphertexts generated by this class include a 16-byte authenticator which
+  # is checked as part of the decryption.  An invalid authenticator will cause
+  # the unbox function to raise.  The authenticator is not a signature.  Once
+  # you've looked in the box, you've demonstrated the ability to create
+  # arbitrary valid messages, so messages you send are repudiatable.  For
+  # non-repudiatable messages, sign them before or after encryption.
+  class SecretBox
+    # Number of bytes for a secret key
+    KEYBYTES = NaCl::SECRETBOX_KEYBYTES
+
+    # Create a new SecretBox
+    #
+    # Sets up the Box with a secret key fro encrypting and decrypting messages.
+    #
+    # @param key [String] The key to encrypt and decrypt with
+    # @param encoding [Symbol] Parse key from the given encoding
+    #
+    # @raise [Crypto::LengthError] on invalid keys
+    #
+    # @return [Crypto::SecretBox] The new Box, ready to use
+    def initialize(key, encoding = :raw)
+      @key = Encoder[encoding].decode(key) if key
+      Util.check_length(@key, KEYBYTES, "Secret key")
+    end
+
+    # Encrypts a message
+    #
+    # Encrypts the message with the given nonce to the key set up when
+    # initializing the class.  Make sure the nonce is unique for any given
+    # key, or you might as well just send plain text.
+    #
+    # This function takes care of the padding required by the NaCL C API.
+    #
+    # @param nonce [String] A 24-byte string containing the nonce.
+    # @param message [String] The message to be encrypted.
+    #
+    # @raise [Crypto::LengthError] If the nonce is not valid
+    #
+    # @return [String] The ciphertext without the nonce prepended (BINARY encoded)
+    def box(nonce, message)
+      Util.check_length(nonce, Crypto::NaCl::NONCEBYTES, "Nonce")
+      msg = Util.prepend_zeros(NaCl::ZEROBYTES, message)
+      ct  = Util.zeros(msg.bytesize)
+
+      NaCl.crypto_secretbox(ct, msg, msg.bytesize, nonce, @key) || raise(CryptoError, "Encryption failed")
+      Util.remove_zeros(NaCl::BOXZEROBYTES, ct)
+    end
+    alias encrypt box
+
+    # Decrypts a ciphertext
+    #
+    # Decrypts the ciphertext with the given nonce using the key setup when
+    # initializing the class.
+    #
+    # This function takes care of the padding required by the NaCL C API.
+    #
+    # @param nonce [String] A 24-byte string containing the nonce.
+    # @param ciphertext [String] The message to be decrypted.
+    #
+    # @raise [Crypto::LengthError] If the nonce is not valid
+    # @raise [Crypto::CryptoError] If the ciphertext cannot be authenticated.
+    #
+    # @return [String] The decrypted message (BINARY encoded)
+    def open(nonce, ciphertext)
+      Util.check_length(nonce, Crypto::NaCl::NONCEBYTES, "Nonce")
+      ct = Util.prepend_zeros(NaCl::BOXZEROBYTES, ciphertext)
+      message  = Util.zeros(ct.bytesize)
+
+      NaCl.crypto_secretbox_open(message, ct, ct.bytesize, nonce, @key) || raise(CryptoError, "Decryption failed. Ciphertext failed verification.")
+      Util.remove_zeros(NaCl::ZEROBYTES, message)
+    end
+    alias decrypt open
+  end
+end

data/lib/rbnacl/self_test.rb

@@ -0,0 +1,118 @@
+start = Time.now if $DEBUG
+
+module Crypto
+  class SelfTestFailure < Crypto::CryptoError; end
+
+  module SelfTest
+    module_function
+
+    def box_test
+      alicepk = Crypto::PublicKey.new(TestVectors[:alice_public], :hex)
+      bobsk = Crypto::PrivateKey.new(TestVectors[:bob_private], :hex)
+
+      box = Crypto::Box.new(alicepk, bobsk)
+      box_common_test(box)
+    end
+
+    def secret_box_test
+      box = SecretBox.new(TestVectors[:secret_key], :hex)
+      box_common_test(box)
+    end
+
+    def box_common_test(box)
+      nonce      = hexdecode_vector :box_nonce
+      message    = hexdecode_vector :box_message
+      ciphertext = hexdecode_vector :box_ciphertext
+
+      unless box.encrypt(nonce, message) == ciphertext
+        raise SelfTestFailure, "failed to generate correct ciphertext"
+      end
+
+      unless box.decrypt(nonce, ciphertext) == message
+        raise SelfTestFailure, "failed to decrypt ciphertext correctly"
+      end
+
+      begin
+        passed         = false
+        corrupt_ct     = ciphertext.dup
+        corrupt_ct[23] = ' '
+        box.decrypt(nonce, corrupt_ct)
+      rescue CryptoError
+        passed = true
+      ensure
+        passed or raise SelfTestFailure, "failed to detect corrupt ciphertext"
+      end
+    end
+
+    def digital_signature_test
+      signing_key = SigningKey.new(TestVectors[:sign_private], :hex)
+      verify_key  = signing_key.verify_key
+
+      unless verify_key.to_s(:hex) == TestVectors[:sign_public]
+        raise SelfTestFailure, "failed to generate verify key correctly"
+      end
+
+      message   = hexdecode_vector :sign_message
+      signature = signing_key.sign(message, :hex)
+
+      unless signature == TestVectors[:sign_signature]
+        raise SelfTestFailure, "failed to generate correct signature"
+      end
+
+      unless verify_key.verify(message, signature, :hex)
+        raise SelfTestFailure, "failed to verify a valid signature"
+      end
+
+      bad_signature = signature[0,127] + '0'
+
+      unless verify_key.verify(message, bad_signature, :hex) == false
+        raise SelfTestFailure, "failed to detect an invalid signature"
+      end
+    end
+
+    def sha256_test
+      message = hexdecode_vector :sha256_message
+      digest  = hexdecode_vector :sha256_digest
+
+      unless Crypto::Hash.sha256(message) == digest
+        raise SelfTestFailure, "failed to generate a correct SHA256 digest"
+      end
+    end
+
+    def hmac_test(klass, tag)
+      authenticator = klass.new(TestVectors[:auth_key], :hex)
+
+      message = hexdecode_vector :auth_message
+
+      unless authenticator.auth(message, :hex) == TestVectors[tag]
+        raise SelfTestFailure, "#{klass} failed to generate correct authentication tag"
+      end
+
+      unless authenticator.verify(message, TestVectors[tag], :hex)
+        raise SelfTestFailure, "#{klass} failed to verify correct authentication tag"
+      end
+
+      if authenticator.verify(message+' ', TestVectors[tag], :hex)
+        raise SelfTestFailure, "#{klass} failed to detect invalid authentication tag"
+      end
+    end
+
+    def hexdecode(string)
+      Encoder[:hex].decode(string)
+    end
+
+    def hexdecode_vector(name)
+      hexdecode TestVectors[name]
+    end
+  end
+end
+
+Crypto::SelfTest.box_test
+Crypto::SelfTest.secret_box_test
+Crypto::SelfTest.digital_signature_test
+Crypto::SelfTest.sha256_test
+Crypto::SelfTest.hmac_test Crypto::HMAC::SHA256,    :auth_hmacsha256
+Crypto::SelfTest.hmac_test Crypto::HMAC::SHA512256, :auth_hmacsha512256
+Crypto::SelfTest.hmac_test Crypto::Auth::OneTime,   :auth_onetime
+
+puts "POST Completed in #{Time.now - start} s" if $DEBUG

data/lib/rbnacl/serializable.rb

@@ -0,0 +1,23 @@
+# encoding: binary
+module Crypto
+  # Serialization features shared across all "key-like" classes
+  module Serializable
+    # Return a string representation of this key, possibly encoded into a
+    # given serialization format.
+    #
+    # @param encoding [String] string encoding format in which to encode the key
+    #
+    # @return [String] key encoded in the specified format
+    def to_s(encoding = :raw)
+      Encoder[encoding].encode(to_bytes)
+    end
+    alias_method :to_str, :to_s
+
+    # Inspect this key
+    #
+    # @return [String] a string representing this key
+    def inspect
+      "#<#{self.class}:#{to_s(:hex)[0,8]}>"
+    end
+  end
+end

data/lib/rbnacl/test_vectors.rb

@@ -0,0 +1,69 @@
+# encoding: binary
+module Crypto
+  # Reference library of test vectors used to verify the software is correct
+  TestVectors = {
+    #
+    # Curve25519 test vectors
+    # Taken from the NaCl distribution
+    #
+    :alice_private  => "77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a",
+    :alice_public   => "8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a",
+    :bob_private    => "5dab087e624a8a4b79e17f8b83800ee66f3bb1292618b6fd1c2f8b27ff88e0eb",
+    :bob_public     => "de9edb7d7b7dc1b4d35b61c2ece435373f8343c85b78674dadfc7e146f882b4f",
+    :alice_mult_bob => "4a5d9d5ba4ce2de1728e3bf480350f25e07e21c947d19e3376f09b3c1e161742",
+
+    #
+    # Box test vectors
+    # Taken from the NaCl distribution
+    #
+    :secret_key     => "1b27556473e985d462cd51197a9a46c76009549eac6474f206c4ee0844f68389",
+    :box_nonce      => "69696ee955b62b73cd62bda875fc73d68219e0036b7a0b37",
+    :box_message    => "be075fc53c81f2d5cf141316ebeb0c7b5228c52a4c62cbd44b66849b64244ffc" +
+                       "e5ecbaaf33bd751a1ac728d45e6c61296cdc3c01233561f41db66cce314adb31" +
+                       "0e3be8250c46f06dceea3a7fa1348057e2f6556ad6b1318a024a838f21af1fde" +
+                       "048977eb48f59ffd4924ca1c60902e52f0a089bc76897040e082f93776384864" +
+                       "5e0705",
+
+    :box_ciphertext => "f3ffc7703f9400e52a7dfb4b3d3305d98e993b9f48681273c29650ba32fc76ce" +
+                       "48332ea7164d96a4476fb8c531a1186ac0dfc17c98dce87b4da7f011ec48c972" +
+                       "71d2c20f9b928fe2270d6fb863d51738b48eeee314a7cc8ab932164548e526ae" +
+                       "90224368517acfeabd6bb3732bc0e9da99832b61ca01b6de56244a9e88d5f9b3" +
+                       "7973f622a43d14a6599b1f654cb45a74e355a5",
+
+    #
+    # Ed25519 test vectors
+    # Taken from the Python test vectors: http://ed25519.cr.yp.to/python/sign.input
+    #
+    :sign_private   => "b18e1d0045995ec3d010c387ccfeb984d783af8fbb0f40fa7db126d889f6dadd",
+    :sign_public    => "77f48b59caeda77751ed138b0ec667ff50f8768c25d48309a8f386a2bad187fb",
+    :sign_message   => "916c7d1d268fc0e77c1bef238432573c39be577bbea0998936add2b50a653171" +
+                       "ce18a542b0b7f96c1691a3be6031522894a8634183eda38798a0c5d5d79fbd01" +
+                       "dd04a8646d71873b77b221998a81922d8105f892316369d5224c9983372d2313" +
+                       "c6b1f4556ea26ba49d46e8b561e0fc76633ac9766e68e21fba7edca93c4c7460" +
+                       "376d7f3ac22ff372c18f613f2ae2e856af40",
+    :sign_signature => "6bd710a368c1249923fc7a1610747403040f0cc30815a00f9ff548a896bbda0b" +
+                       "4eb2ca19ebcf917f0f34200a9edbad3901b64ab09cc5ef7b9bcc3c40c0ff7509",
+
+    #
+    # SHA256 test vectors
+    # Taken from the NSRL test vectors: http://www.nsrl.nist.gov/testdata/
+    :sha256_message => "6162636462636465636465666465666765666768666768696768696a68696a6b" +
+                       "696a6b6c6a6b6c6d6b6c6d6e6c6d6e6f6d6e6f706e6f7071",
+    :sha256_digest  => "248d6a61d20638b8e5c026930c3e6039a33ce45964ff2167f6ecedd419db06c1",
+
+    #
+    # Auth test vectors
+    # Taken from NaCl distribution
+    #
+    :auth_key           => "eea6a7251c1e72916d11c2cb214d3c252539121d8e234e652d651fa4c8cff880",
+    :auth_message       => "8e993b9f48681273c29650ba32fc76ce48332ea7164d96a4476fb8c531a1186a" +
+                           "c0dfc17c98dce87b4da7f011ec48c97271d2c20f9b928fe2270d6fb863d51738" +
+                           "b48eeee314a7cc8ab932164548e526ae90224368517acfeabd6bb3732bc0e9da" +
+                           "99832b61ca01b6de56244a9e88d5f9b37973f622a43d14a6599b1f654cb45a74" +
+                           "e355a5",
+    :auth_onetime       => "f3ffc7703f9400e52a7dfb4b3d3305d9",
+    # self-created (FIXME: find standard test vectors)
+    :auth_hmacsha256    => "7f7b9b707e8790ca8620ff94df5e6533ddc8e994060ce310c9d7de04d44aabc3",
+    :auth_hmacsha512256 => "b2a31b8d4e01afcab2ee545b5caf4e3d212a99d7b3a116a97cec8e83c32e107d"
+  }
+end