rbnacl 1.0.0.pre

data/lib/rbnacl/util.rb

@@ -0,0 +1,137 @@
+# encoding: binary
+module Crypto
+  # Various utility functions
+  module Util
+    module_function
+    # Returns a string of n zeros
+    #
+    # Lots of the functions require us to create strings to pass into functions of a specified size.
+    #
+    # @param [Integer] n the size of the string to make
+    #
+    # @return [String] A nice collection of zeros
+    def zeros(n=32)
+      zeros = "\0" * n
+      # make sure they're 8-bit zeros, not 7-bit zeros.  Otherwise we might get
+      # encoding errors later
+      zeros.respond_to?(:force_encoding) ? zeros.force_encoding('ASCII-8BIT') : zeros
+    end
+
+    # Prepends a message with zeros
+    #
+    # Many functions require a string with some zeros prepended.
+    #
+    # @param [Integer] n The number of zeros to prepend
+    # @param [String] message The string to be prepended
+    #
+    # @return [String] a bunch of zeros
+    def prepend_zeros(n, message)
+      zeros(n) + message
+    end
+
+    # Remove zeros from the start of a message
+    #
+    # Many functions require a string with some zeros prepended, then need them removing after.  Note, this modifies the passed in string
+    #
+    # @param [Integer] n The number of zeros to remove
+    # @param [String] message The string to be slice
+    #
+    # @return [String] less a bunch of zeros
+    def remove_zeros(n, message)
+      message.slice!(n, message.bytesize - n)
+    end
+
+    # Check the length of the passed in string
+    #
+    # In several places through the codebase we have to be VERY strict with
+    # what length of string we accept.  This method supports that.
+    #
+    # @raise [Crypto::LengthError] If the string is not the right length
+    #
+    # @param string [String] The string to compare
+    # @param length [Integer] The desired length
+    # @param description [String] Description of the string (used in the error)
+    def check_length(string, length, description)
+      if string.nil?
+        raise LengthError,
+          "#{description} was nil (Expected #{length.to_int})",
+          caller
+      end
+      
+      if string.bytesize != length.to_int
+        raise LengthError,
+              "#{description} was #{string.bytesize} bytes (Expected #{length.to_int})",
+              caller
+      end
+      true
+    end
+
+
+    # Compare two 32 byte strings in constant time
+    #
+    # This should help to avoid timing attacks for string comparisons in your
+    # application.  Note that many of the functions (such as HmacSha256#verify)
+    # use this method under the hood already.
+    #
+    # @param [String] one String #1
+    # @param [String] two String #2
+    #
+    # @return [Boolean] Well, are they equal?
+    def verify32(one, two)
+      return false unless two.bytesize == 32 && one.bytesize == 32
+      NaCl.crypto_verify_32(one, two)
+    end
+
+    # Compare two 32 byte strings in constant time
+    #
+    # This should help to avoid timing attacks for string comparisons in your
+    # application.  Note that many of the functions (such as HmacSha256#verify)
+    # use this method under the hood already.
+    #
+    # @param [String] one String #1
+    # @param [String] two String #2
+    #
+    # @raise [ArgumentError] If the strings are not equal in length
+    #
+    # @return [Boolean] Well, are they equal?
+    def verify32!(one, two)
+      check_length(one, 32, "First message")
+      check_length(two, 32, "Second message")
+      NaCl.crypto_verify_32(one, two)
+    end
+
+    # Compare two 16 byte strings in constant time
+    #
+    # This should help to avoid timing attacks for string comparisons in your
+    # application.  Note that many of the functions (such as OneTime#verify)
+    # use this method under the hood already.
+    #
+    # @param [String] one String #1
+    # @param [String] two String #2
+    #
+    # @return [Boolean] Well, are they equal?
+    def verify16(one, two)
+      return false unless two.bytesize == 16 && one.bytesize == 16
+      NaCl.crypto_verify_16(one, two)
+    end
+
+    # Compare two 16 byte strings in constant time
+    #
+    # This should help to avoid timing attacks for string comparisons in your
+    # application.  Note that many of the functions (such as OneTime#verify)
+    # use this method under the hood already.
+    #
+    # @param [String] one String #1
+    # @param [String] two String #2
+    #
+    # @raise [ArgumentError] If the strings are not equal in length
+    #
+    # @return [Boolean] Well, are they equal?
+    def verify16!(one, two)
+      check_length(one, 16, "First message")
+      check_length(two, 16, "Second message")
+      NaCl.crypto_verify_16(one, two)
+    end
+  end
+end
+

data/lib/rbnacl/version.rb

@@ -0,0 +1,5 @@
+# encoding: binary
+module Crypto
+  # The library's version
+  VERSION = "1.0.0.pre"
+end

data/rbnacl.gemspec

@@ -0,0 +1,28 @@
+# -*- encoding: utf-8 -*-
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'rbnacl/version'
+
+Gem::Specification.new do |gem|
+  gem.name          = "rbnacl"
+  gem.version       = Crypto::VERSION
+  gem.authors       = ["Tony Arcieri"]
+  gem.email         = ["tony.arcieri@gmail.com"]
+  gem.description   = "Ruby binding to the Networking and Cryptography (NaCl) library"
+  gem.summary       = "The Networking and Cryptography (NaCl) library provides a high-level toolkit for building cryptographic systems and protocols"
+  gem.homepage      = "https://github.com/tarcieri/rbnacl"
+
+  gem.files         = `git ls-files`.split($/)
+  gem.executables   = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
+  gem.test_files    = gem.files.grep(%r{^(test|spec|features)/})
+  gem.require_paths = ["lib"]
+
+  if defined? JRUBY_VERSION
+    gem.platform = "jruby"
+  end
+
+  gem.add_runtime_dependency 'ffi'
+
+  gem.add_development_dependency "rake"
+  gem.add_development_dependency "rspec"
+end

data/rbnacl.gpg

@@ -0,0 +1,30 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v1.4.12 (Darwin)
+
+mQENBFE2gC4BCADG/9ea48mbfT4Odzi6JLXQMt2z4Md6zO52O1w8RvA32hgx+Sm4
+4amvwMGb44WXQkSCp//X4YWcZ+WAefZDz8VSfsvQ11CLAnnGPuKiItFCkmDCL0iV
+2PrHQ3oZ8kfd3/f8qKPZI+TcPmJw1ttF/ugcly7zndCQq+17G/nMYNIxltegtfxm
+AHGeuzgfG6r/IbvBrMgvAmV2+0/CnCpuuuIiSqkp9TnBH3rYl2x4ewwGrgp3GrGT
+OLm/qEKNHbQGa8Q+yaHJczTJ5fNxEdVllEAfVhYPuEoBLDm4fjkgGS98nr9+T7pF
+9M1IfmszfyenWut6RF1lfRrZQD7v02K7XOIXABEBAAG0JVRvbnkgQXJjaWVyaSA8
+dG9ueS5hcmNpZXJpQGdtYWlsLmNvbT6JAT4EEwECACgFAlE2gC4CGwMFCQHhM4AG
+CwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJELIQJp27LYeHjwQH/jktme/Uzxhp
+jodHv9iTUbaNi3PSjmNZJAzmtvsJzavrP2EuYomOK2Z0K387HbWPQpRGNxMzF85X
+71YYRCGCsja6sFFaiVE5EOzbQVAdT0gyE7U/iPImbqtXAH9WdbxqgjrvnECwDsod
+WyzGaanfbcF9E3b+od/CcjSpcsOJkuxZXwrZKxP9ehvy5dobYrLfageXVxJdj1rs
+4tuD5IsIQnqW3uUzfaAOLS0oh6e4faDV5232Gva/y7j2fs235ceuHGv24iYf2NAE
+c7rfnOpqT2/3ezNwqpNqE1RH2p1LgtmNkOn7z0iyck171WpCNUaDzT2QVMW1sVEQ
+OQzIVvzM6DC5AQ0EUTaALgEIALCnnwjepJiWFYy6iSMDOZ4g6ifxOPdmlQp0SF83
+BqbEuhr19EBb8Z3BTewIeszwiozCrYyE3Z/hXwJX9JcsTd+YlNE93IMXWq0Dvr2u
+YPhXg4z7Ni9geJaCuQVu4R6pGHI9Irw2F/+xBvccS8nf+xzPsqcqZkFnal5ohCR2
+Z4eXUI26La9qq9j5K6SGMemGwt9FKLXDuInOWSWpiztQBpEo66d8LGqvvHGUUTYH
+LEsJzItLFTHOxTySvjt+9bVWgtXl5iLiR+dAL03Yf6J6E+Dzu12ELoq1kI/M6c0f
+cczmhGT9+9PJfqg2A6MjAF5JEQUVa1HlDH9vnfwSc8nm0qUAEQEAAYkBJQQYAQIA
+DwUCUTaALgIbDAUJAeEzgAAKCRCyECaduy2Hh19aB/93WEEPqVAFzo04f8P27KTw
+n+UiVTTxLkEBNbUHqNDBwWZLBUhzDxoEI21OyAxMzJEj80GXyFtLBMO+lbzz8MvI
+IcfLS3zXaeEFO+fofKbfilvzezSzslPTjxFx0He8C/SjggWVIRPfv5hpoyyx4FXW
+a6ZmA5G29O2J85VhZr8EQuykB10K9tIGIgfpuvjfeL8K30rgPGPfwbZP7/U33Yxs
+qwAwsd6Ej98U8TGUr/tTSVztjg7inWwkL84I3DnfedOn4ofVDetDvtjuaJcc16Z5
+QspnbOIn+KGOcdodZQKglj4Esal0W3kg56Du9M5xzmfEB2UeK5aMTL5akoCjs9aK
+=64l+
+-----END PGP PUBLIC KEY BLOCK-----

data/spec/rbnacl/auth/one_time_spec.rb

@@ -0,0 +1,8 @@
+# encoding: binary
+require 'spec_helper'
+
+describe Crypto::Auth::OneTime do
+  let(:hex_tag) { Crypto::TestVectors[:auth_onetime] }
+
+  include_examples "authenticator"
+end

data/spec/rbnacl/box_spec.rb

@@ -0,0 +1,42 @@
+# encoding: binary
+require 'spec_helper'
+
+describe Crypto::Box do
+  let(:alicepk_hex) { Crypto::TestVectors[:alice_public] }
+  let(:bobsk_hex)   { Crypto::TestVectors[:bob_private] }
+
+  let(:alicepk)   { Crypto::Encoder[:hex].decode(alicepk_hex) }
+  let(:bobsk)     { Crypto::Encoder[:hex].decode(bobsk_hex) }
+  let(:alice_key) { Crypto::PublicKey.new(alicepk) }
+  let(:bob_key)   { Crypto::PrivateKey.new(bobsk) }
+
+  context "new" do
+    it "accepts strings" do
+      expect { Crypto::Box.new(alicepk_hex, bobsk_hex, :hex) }.to_not raise_error(Exception)
+    end
+
+    it "accepts KeyPairs" do
+      expect { Crypto::Box.new(alice_key, bob_key) }.to_not raise_error(Exception)
+    end
+
+    it "raises on a nil public key" do
+      expect { Crypto::Box.new(nil, bobsk) }.to raise_error(Crypto::LengthError, /Public key was nil \(Expected 32\)/)
+    end
+
+    it "raises on an invalid public key" do
+      expect { Crypto::Box.new("hello", bobsk) }.to raise_error(Crypto::LengthError, /Public key was 5 bytes \(Expected 32\)/)
+    end
+
+    it "raises on a nil secret key" do
+      expect { Crypto::Box.new(alicepk, nil) }.to raise_error(Crypto::LengthError, /Private key was nil \(Expected 32\)/)
+    end
+
+    it "raises on an invalid secret key" do
+      expect { Crypto::Box.new(alicepk, "hello") }.to raise_error(Crypto::LengthError, /Private key was 5 bytes \(Expected 32\)/)
+    end
+  end
+
+  include_examples 'box' do
+    let(:box) { Crypto::Box.new(alicepk, bobsk) }
+  end
+end

data/spec/rbnacl/encoder_spec.rb

@@ -0,0 +1,14 @@
+# encoding: binary
+require 'spec_helper'
+
+describe Crypto::Encoder do
+  it "registers encoders" do
+    expect { Crypto::Encoder[:foobar] }.to raise_exception(ArgumentError)
+
+    class FoobarEncoder < described_class
+      register :foobar
+    end
+
+    Crypto::Encoder[:foobar].should be_a FoobarEncoder
+  end
+end

data/spec/rbnacl/encoders/base32_spec.rb

@@ -0,0 +1,16 @@
+# encoding: binary
+require 'spec_helper'
+require 'rbnacl/encoders/base32'
+
+describe Crypto::Encoders::Base32 do
+  let(:source) { "abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789" }
+  let(:base32) { "mfrggzdfmztwq2lknnwg23tpobyxe43uov3ho6dzpiydcmrtgq2tmnzyhfqwey3emvtgo2djnjvwy3lon5yhc4ttor2xm53ypf5damjsgm2dknrxha4wcytdmrswmz3infvgw3dnnzxxa4lson2hk5txpb4xumbrgiztinjwg44ds===" }
+
+  it "encodes to base32" do
+    subject.encode(source).should eq base32
+  end
+
+  it "decodes from base32" do
+    subject.decode(base32).should eq source
+  end
+end

data/spec/rbnacl/encoders/base64_spec.rb

@@ -0,0 +1,15 @@
+# encoding: binary
+require 'spec_helper'
+
+describe Crypto::Encoders::Base64 do
+  let(:source) { "abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789" }
+  let(:base64) { "YWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXowMTIzNDU2Nzg5YWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXowMTIzNDU2Nzg5YWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXowMTIzNDU2Nzg5" }
+
+  it "encodes to base64" do
+    subject.encode(source).should eq base64
+  end
+
+  it "decodes from base64" do
+    subject.decode(base64).should eq source
+  end
+end

data/spec/rbnacl/encoders/hex_spec.rb

@@ -0,0 +1,15 @@
+# encoding: binary
+require 'spec_helper'
+
+describe Crypto::Encoders::Hex do
+  let (:bytes) { [0xDE,0xAD,0xBE,0xEF].pack('c*') }
+  let (:hex)   { "deadbeef" }
+
+  it "encodes to hex" do
+    subject.encode(bytes).should eq hex
+  end
+
+  it "decodes from hex" do
+    subject.decode(hex).should eq bytes
+  end
+end

data/spec/rbnacl/hash_spec.rb

@@ -0,0 +1,52 @@
+# encoding: binary
+require 'spec_helper'
+
+describe Crypto::Hash do
+  context "sha256" do
+    let(:reference_string)      { hex2bytes Crypto::TestVectors[:sha256_message] }
+    let(:reference_string_hash) { hex2bytes Crypto::TestVectors[:sha256_digest] }
+    let(:empty_string_hash) { "\xE3\xB0\xC4B\x98\xFC\x1C\x14\x9A\xFB\xF4\xC8\x99o\xB9$'\xAEA\xE4d\x9B\x93L\xA4\x95\x99\exR\xB8U" }
+    let(:reference_string_hash_hex) { reference_string_hash.unpack('H*').first }
+    let(:empty_string_hash_hex) { empty_string_hash.unpack('H*').first }
+
+    it "calculates the correct hash for a reference string" do
+      Crypto::Hash.sha256(reference_string).should eq reference_string_hash
+    end
+
+    it "calculates the correct hash for an empty string" do
+      Crypto::Hash.sha256("").should eq empty_string_hash
+    end
+
+    it "calculates the correct hash for a reference string and returns it in hex" do
+      Crypto::Hash.sha256(reference_string, :hex).should eq reference_string_hash_hex
+    end
+
+    it "calculates the correct hash for an empty string and returns it in hex" do
+      Crypto::Hash.sha256("", :hex).should eq empty_string_hash_hex
+    end
+  end
+
+  context "sha512" do
+    let(:reference_string) { "The quick brown fox jumps over the lazy dog." }
+    let(:reference_string_hash) { "\x91\xEA\x12E\xF2\rF\xAE\x9A\x03z\x98\x9FT\xF1\xF7\x90\xF0\xA4v\a\xEE\xB8\xA1M\x12\x89\f\xEAw\xA1\xBB\xC6\xC7\xED\x9C\xF2\x05\xE6{\x7F+\x8F\xD4\xC7\xDF\xD3\xA7\xA8a~E\xF3\xC4c\xD4\x81\xC7\xE5\x86\xC3\x9A\xC1\xED" }
+    let(:empty_string_hash) { "\xCF\x83\xE15~\xEF\xB8\xBD\xF1T(P\xD6m\x80\a\xD6 \xE4\x05\vW\x15\xDC\x83\xF4\xA9!\xD3l\xE9\xCEG\xD0\xD1<]\x85\xF2\xB0\xFF\x83\x18\xD2\x87~\xEC/c\xB91\xBDGAz\x81\xA582z\xF9'\xDA>" }
+    let(:reference_string_hash_hex) { reference_string_hash.unpack('H*').first }
+    let(:empty_string_hash_hex) { empty_string_hash.unpack('H*').first }
+
+    it "calculates the correct hash for a reference string" do
+      Crypto::Hash.sha512(reference_string).should eq reference_string_hash
+    end
+
+    it "calculates the correct hash for an empty string" do
+      Crypto::Hash.sha512("").should eq empty_string_hash
+    end
+
+    it "calculates the correct hash for a reference string and returns it in hex" do
+      Crypto::Hash.sha512(reference_string, :hex).should eq reference_string_hash_hex
+    end
+
+    it "calculates the correct hash for an empty string and returns it in hex" do
+      Crypto::Hash.sha512("", :hex).should eq empty_string_hash_hex
+    end
+  end
+end

data/spec/rbnacl/hmac/sha256_spec.rb

@@ -0,0 +1,8 @@
+# encoding: binary
+require 'spec_helper'
+
+describe Crypto::HMAC::SHA256 do
+  let(:hex_tag) { Crypto::TestVectors[:auth_hmacsha256] }
+
+  include_examples "authenticator"
+end

data/spec/rbnacl/hmac/sha512256_spec.rb

@@ -0,0 +1,8 @@
+# encoding: binary
+require 'spec_helper'
+
+describe Crypto::HMAC::SHA512256 do
+  let(:hex_tag) { Crypto::TestVectors[:auth_hmacsha512256] }
+
+  include_examples "authenticator"
+end

data/spec/rbnacl/keys/private_key_spec.rb

@@ -0,0 +1,68 @@
+# encoding: binary
+require 'spec_helper'
+
+describe Crypto::PrivateKey do
+  let(:bobsk)     { Crypto::TestVectors[:bob_private] }
+  let(:bobsk_raw) { Crypto::Encoder[:hex].decode(bobsk) }
+  let(:bobpk)     { Crypto::TestVectors[:bob_public] }
+  let(:bobpk_raw) { Crypto::Encoder[:hex].decode(bobpk) }
+
+  subject { Crypto::PrivateKey.new(bobsk, :hex) }
+
+  context "generate" do
+    let(:secret_key) { Crypto::PrivateKey.generate }
+
+    it "returns a secret key" do
+      secret_key.should be_a Crypto::PrivateKey
+    end
+
+    it "has the public key also set" do
+      secret_key.public_key.should be_a Crypto::PublicKey
+    end
+  end
+
+  context "new" do
+    it "accepts a valid key" do
+      expect { Crypto::PrivateKey.new(bobsk_raw) }.not_to raise_error
+    end
+    it "accepts a hex encoded key" do
+      expect { Crypto::PrivateKey.new(bobsk, :hex) }.not_to raise_error
+    end
+    it "rejects a nil key" do
+      expect { Crypto::PrivateKey.new(nil) }.to raise_error(ArgumentError)
+    end
+    it "rejects a short key" do
+      expect { Crypto::PrivateKey.new("short") }.to raise_error(ArgumentError)
+    end
+  end
+
+  context "public_key" do
+    it "returns a public key" do
+      subject.public_key.should be_a Crypto::PublicKey
+    end
+    it "returns the correct public key" do
+      subject.public_key.to_s(:hex).should eql bobpk
+    end
+  end
+
+  context "#to_bytes" do
+    it "returns the bytes of the key" do
+      subject.to_s(:hex).should eq bobsk
+    end
+  end
+
+  context "#to_s" do
+    it "returns the bytes of the key hex encoded" do
+      subject.to_s(:hex).should eq bobsk
+    end
+    it "returns the raw bytes of the key" do
+      subject.to_bytes.should eq bobsk_raw
+    end
+  end
+
+  include_examples "key equality" do
+    let(:key) { subject }
+    let(:key_bytes) { subject.to_bytes }
+    let(:other_key) { described_class.new(bobpk, :hex) }
+  end
+end