rbnacl 1.0.0.pre

data/spec/rbnacl/keys/public_key_spec.rb

@@ -0,0 +1,45 @@
+# encoding: binary
+require 'spec_helper'
+
+describe Crypto::PublicKey do
+  let(:alicepk)     { Crypto::TestVectors[:alice_public] }
+  let(:alicepk_raw) { Crypto::Encoder[:hex].decode(alicepk) }
+
+  subject { Crypto::PublicKey.new(alicepk, :hex) }
+
+  context "new" do
+    it "accepts a valid key" do
+      expect { Crypto::PublicKey.new(alicepk_raw) }.not_to raise_error
+    end
+    it "accepts a valid key in hex" do
+      expect { Crypto::PublicKey.new(alicepk, :hex) }.not_to raise_error
+    end
+    it "rejects a nil key" do
+      expect { Crypto::PublicKey.new(nil) }.to raise_error(ArgumentError)
+    end
+    it "rejects a short key" do
+      expect { Crypto::PublicKey.new("short") }.to raise_error(ArgumentError)
+    end
+  end
+
+  context "#to_bytes" do
+    it "returns the bytes of the key" do
+      subject.to_bytes.should eq alicepk_raw
+    end
+  end
+
+  context "#to_s" do
+    it "returns the bytes of the key" do
+      subject.to_s.should eq alicepk_raw
+    end
+    it "returns the bytes of the key hex encoded" do
+      subject.to_s(:hex).should eq alicepk
+    end
+  end
+  
+  include_examples "key equality" do
+    let(:key) { subject }
+    let(:key_bytes) { subject.to_bytes }
+    let(:other_key) { described_class.new(alicepk_raw.succ) }
+  end
+end

data/spec/rbnacl/keys/signing_key_spec.rb

@@ -0,0 +1,40 @@
+# encoding: binary
+require 'spec_helper'
+
+describe Crypto::SigningKey do
+  let(:signing_key)     { Crypto::TestVectors[:sign_private] }
+  let(:signing_key_raw) { Crypto::Encoder[:hex].decode(signing_key) }
+
+  let(:message)         { Crypto::Encoder[:hex].decode(Crypto::TestVectors[:sign_message]) }
+  let(:signature)       { Crypto::TestVectors[:sign_signature] }
+  let(:signature_raw)   { Crypto::Encoder[:hex].decode(signature) }
+
+  # NOTE: this implicitly covers testing initialization from bytes
+  subject { described_class.new(signing_key, :hex) }
+
+  it "generates keys" do
+    described_class.generate.should be_a described_class
+  end
+
+  it "signs messages as bytes" do
+    subject.sign(message).should eq signature_raw
+  end
+
+  it "signs messages as hex" do
+    subject.sign(message, :hex).should eq signature
+  end
+
+  it "serializes to hex" do
+    subject.to_s(:hex).should eq signing_key
+  end
+
+  it "serializes to bytes" do
+    subject.to_bytes.should eq signing_key_raw
+  end
+  
+  include_examples "key equality" do
+    let(:key_bytes) { signing_key_raw }
+    let(:key)       { described_class.new(key_bytes) }
+    let(:other_key) { described_class.new("B"*32) }
+  end
+end

data/spec/rbnacl/keys/verify_key_spec.rb

@@ -0,0 +1,51 @@
+# encoding: binary
+describe Crypto::VerifyKey do
+  let(:signing_key)    { Crypto::TestVectors[:sign_private] }
+  let(:verify_key)     { Crypto::TestVectors[:sign_public] }
+  let(:verify_key_raw) { Crypto::Encoder[:hex].decode(verify_key) }
+
+  let(:message)        { Crypto::Encoder[:hex].decode(Crypto::TestVectors[:sign_message]) }
+  let(:signature)      { Crypto::TestVectors[:sign_signature] }
+  let(:signature_raw)  { Crypto::Encoder[:hex].decode(signature) }
+  let(:bad_signature)  { sig = signature.dup; sig[0] = (sig[0].ord + 1).chr; sig }
+
+  subject { Crypto::SigningKey.new(signing_key, :hex).verify_key }
+
+  it "verifies correct signatures" do
+    subject.verify(message, signature_raw).should be_true
+  end
+
+  it "verifies correct hex signatures" do
+    subject.verify(message, signature, :hex).should be_true
+  end
+
+  it "detects bad signatures" do
+    subject.verify(message, bad_signature, :hex).should be_false
+  end
+
+  it "raises when asked to verify with a bang" do
+    expect { subject.verify!(message, bad_signature, :hex) }.to raise_exception Crypto::BadSignatureError
+  end
+
+  it "serializes to bytes" do
+    subject.to_bytes.should eq verify_key_raw
+  end
+
+  it "serializes to hex" do
+    subject.to_s(:hex).should eq verify_key
+  end
+
+  it "initializes from bytes" do
+    described_class.new(verify_key_raw).to_s(:hex).should eq verify_key
+  end
+
+  it "initializes from hex" do
+    described_class.new(verify_key, :hex).to_s(:hex).should eq verify_key
+  end
+
+  include_examples "key equality" do
+    let(:key_bytes) { verify_key_raw }
+    let(:key)       { described_class.new(key_bytes) }
+    let(:other_key) { described_class.new("B"*32) }
+  end
+end

data/spec/rbnacl/point_spec.rb

@@ -0,0 +1,29 @@
+# encoding: binary
+require 'spec_helper'
+
+describe Crypto::Point do
+  let(:alice_private)  { Crypto::TestVectors[:alice_private] }
+  let(:alice_public)   { Crypto::TestVectors[:alice_public] }
+
+  let(:bob_public)     { Crypto::TestVectors[:bob_public] }
+
+  let(:alice_mult_bob) { Crypto::TestVectors[:alice_mult_bob] }
+
+  subject { described_class.new(bob_public, :hex) }
+
+  it "multiplies integers with the base point" do
+    described_class.base.mult(alice_private, :hex).to_s(:hex).should eq alice_public
+  end
+
+  it "multiplies integers with arbitrary points" do
+    described_class.new(bob_public, :hex).mult(alice_private, :hex).to_s(:hex).should eq alice_mult_bob
+  end
+
+  it "serializes to bytes" do
+    subject.to_bytes.should eq Crypto::Encoder[:hex].decode(bob_public)
+  end
+
+  it "serializes to hex" do
+    subject.to_s(:hex).should eq bob_public
+  end
+end

data/spec/rbnacl/random_nonce_box_spec.rb

@@ -0,0 +1,78 @@
+# encoding: binary
+require 'spec_helper'
+
+describe Crypto::RandomNonceBox do
+  let (:secret_key) {
+  [0x1b,0x27,0x55,0x64,0x73,0xe9,0x85,0xd4,0x62,0xcd,0x51,0x19,0x7a,0x9a,0x46,0xc7,
+   0x60,0x09,0x54,0x9e,0xac,0x64,0x74,0xf2,0x06,0xc4,0xee,0x08,0x44,0xf6,0x83,0x89].pack('c*')
+  } # from the nacl distribution
+  let(:secret_box) { Crypto::SecretBox.new(secret_key) }
+  let (:alicepk) { "\x85 \xF0\t\x890\xA7Tt\x8B}\xDC\xB4>\xF7Z\r\xBF:\r&8\x1A\xF4\xEB\xA4\xA9\x8E\xAA\x9BNj"  } # from the nacl distribution
+  let (:bobsk) { "]\xAB\b~bJ\x8AKy\xE1\x7F\x8B\x83\x80\x0E\xE6o;\xB1)&\x18\xB6\xFD\x1C/\x8B'\xFF\x88\xE0\xEB" } # from the nacl distribution
+
+  context "instantiation" do
+    it "can be instantiated from an already existing box" do
+      expect { Crypto::RandomNonceBox.new(secret_box) }.not_to raise_error
+    end
+
+    it "can be instantiated from a secret key" do
+      Crypto::RandomNonceBox.from_secret_key(secret_key).should be_a Crypto::RandomNonceBox
+    end
+    it "complains on an inappropriate secret key" do
+      expect { Crypto::RandomNonceBox.from_secret_key(nil) }.to raise_error(ArgumentError)
+    end
+    it "can be instantiated from a key-pair" do
+      Crypto::RandomNonceBox.from_keypair(alicepk, bobsk).should be_a Crypto::RandomNonceBox
+    end
+    it "complains on an inappropriate key in the pair" do
+      expect { Crypto::RandomNonceBox.from_keypair(nil, bobsk) }.to raise_error(ArgumentError)
+    end
+  end
+
+
+
+  context "cryptography" do
+    let(:nonce) { "iin\xE9U\xB6+s\xCDb\xBD\xA8u\xFCs\xD6\x82\x19\xE0\x03kz\v7" } # from nacl distribution
+    let(:message) { # from nacl distribution
+      [0xbe,0x07,0x5f,0xc5,0x3c,0x81,0xf2,0xd5,0xcf,0x14,0x13,0x16,0xeb,0xeb,0x0c,0x7b,
+        0x52,0x28,0xc5,0x2a,0x4c,0x62,0xcb,0xd4,0x4b,0x66,0x84,0x9b,0x64,0x24,0x4f,0xfc,
+        0xe5,0xec,0xba,0xaf,0x33,0xbd,0x75,0x1a,0x1a,0xc7,0x28,0xd4,0x5e,0x6c,0x61,0x29,
+        0x6c,0xdc,0x3c,0x01,0x23,0x35,0x61,0xf4,0x1d,0xb6,0x6c,0xce,0x31,0x4a,0xdb,0x31,
+        0x0e,0x3b,0xe8,0x25,0x0c,0x46,0xf0,0x6d,0xce,0xea,0x3a,0x7f,0xa1,0x34,0x80,0x57,
+        0xe2,0xf6,0x55,0x6a,0xd6,0xb1,0x31,0x8a,0x02,0x4a,0x83,0x8f,0x21,0xaf,0x1f,0xde,
+        0x04,0x89,0x77,0xeb,0x48,0xf5,0x9f,0xfd,0x49,0x24,0xca,0x1c,0x60,0x90,0x2e,0x52,
+        0xf0,0xa0,0x89,0xbc,0x76,0x89,0x70,0x40,0xe0,0x82,0xf9,0x37,0x76,0x38,0x48,0x64,
+        0x5e,0x07,0x05].pack('c*')
+    }
+    let(:ciphertext) { # from nacl distribution
+      [0xf3,0xff,0xc7,0x70,0x3f,0x94,0x00,0xe5,0x2a,0x7d,0xfb,0x4b,0x3d,0x33,0x05,0xd9,
+        0x8e,0x99,0x3b,0x9f,0x48,0x68,0x12,0x73,0xc2,0x96,0x50,0xba,0x32,0xfc,0x76,0xce,
+        0x48,0x33,0x2e,0xa7,0x16,0x4d,0x96,0xa4,0x47,0x6f,0xb8,0xc5,0x31,0xa1,0x18,0x6a,
+        0xc0,0xdf,0xc1,0x7c,0x98,0xdc,0xe8,0x7b,0x4d,0xa7,0xf0,0x11,0xec,0x48,0xc9,0x72,
+        0x71,0xd2,0xc2,0x0f,0x9b,0x92,0x8f,0xe2,0x27,0x0d,0x6f,0xb8,0x63,0xd5,0x17,0x38,
+        0xb4,0x8e,0xee,0xe3,0x14,0xa7,0xcc,0x8a,0xb9,0x32,0x16,0x45,0x48,0xe5,0x26,0xae,
+        0x90,0x22,0x43,0x68,0x51,0x7a,0xcf,0xea,0xbd,0x6b,0xb3,0x73,0x2b,0xc0,0xe9,0xda,
+        0x99,0x83,0x2b,0x61,0xca,0x01,0xb6,0xde,0x56,0x24,0x4a,0x9e,0x88,0xd5,0xf9,0xb3,
+        0x79,0x73,0xf6,0x22,0xa4,0x3d,0x14,0xa6,0x59,0x9b,0x1f,0x65,0x4c,0xb4,0x5a,0x74,
+        0xe3,0x55,0xa5].pack('c*')
+    }
+    let(:random_box) { Crypto::RandomNonceBox.from_keypair(alicepk, bobsk) }
+    let(:enciphered_message) { random_box.box(message) }
+    let(:enciphered_message_hex) { random_box.box(message, :hex) }
+
+    it "descrypts a message with a 'random' nonce" do
+      random_box.open(nonce+ciphertext).should eql message
+    end
+
+    it "can successfully round-trip a message" do
+      random_box.open(enciphered_message).should eql message
+    end
+
+    it "can encode a ciphertext as hex" do
+      enciphered_message_hex.should match /\A[0-9a-f]+\z/
+    end
+    it "can roundtrip a message as hex" do
+      random_box.open(enciphered_message_hex, :hex).should eql message
+    end
+  end
+end

data/spec/rbnacl/random_spec.rb

@@ -0,0 +1,9 @@
+# encoding: binary
+describe Crypto::Random do
+  it "produces random bytes" do
+    Crypto::Random.random_bytes(16).bytesize.should == 16
+  end
+  it "produces different random bytes" do
+    Crypto::Random.random_bytes(16).should_not == Crypto::Random.random_bytes(16)
+  end
+end

data/spec/rbnacl/secret_box_spec.rb

@@ -0,0 +1,24 @@
+# encoding: binary
+require 'spec_helper'
+
+describe Crypto::SecretBox do
+  let (:key) { Crypto::TestVectors[:secret_key] }
+
+  context "new" do
+    it "accepts strings" do
+      expect { Crypto::SecretBox.new(key, :hex) }.to_not raise_error(Exception)
+    end
+
+    it "raises on a nil key" do
+      expect { Crypto::SecretBox.new(nil) }.to raise_error(Crypto::LengthError, "Secret key was nil \(Expected #{Crypto::NaCl::SECRETKEYBYTES}\)")
+    end
+
+    it "raises on a short key" do
+      expect { Crypto::SecretBox.new("hello") }.to raise_error(Crypto::LengthError, "Secret key was 5 bytes \(Expected #{Crypto::NaCl::SECRETKEYBYTES}\)")
+    end
+  end
+
+  include_examples "box" do
+    let(:box) { Crypto::SecretBox.new(key, :hex) }
+  end
+end

data/spec/rbnacl/util_spec.rb

@@ -0,0 +1,119 @@
+# encoding: binary
+describe Crypto::Util do
+  context ".verify32!" do
+    let (:msg) { Crypto::Util.zeros(32) }
+    let (:identical_msg) { Crypto::Util.zeros(32) }
+    let (:other_msg) { Crypto::Util.zeros(31) + "\001" }
+    let (:short_msg) { Crypto::Util.zeros(31) }
+    let (:long_msg) { Crypto::Util.zeros(33) }
+
+    it "confirms identical messages are identical" do
+      Crypto::Util.verify32!(msg, identical_msg).should be true
+    end
+
+    it "confirms non-identical messages are non-identical" do
+      Crypto::Util.verify32!(msg, other_msg).should be false
+      Crypto::Util.verify32!(other_msg, msg).should be false
+    end
+
+    it "raises descriptively on a short message in position 1" do
+      expect { Crypto::Util.verify32!(short_msg, msg) }.to raise_error(Crypto::LengthError)
+    end
+    it "raises descriptively on a short message in position 2" do
+      expect { Crypto::Util.verify32!(msg, short_msg) }.to raise_error(Crypto::LengthError)
+    end
+    it "raises descriptively on a long message in position 1" do
+      expect { Crypto::Util.verify32!(long_msg, msg) }.to raise_error(Crypto::LengthError)
+    end
+    it "raises descriptively on a long message in position 2" do
+      expect { Crypto::Util.verify32!(msg, long_msg) }.to raise_error(Crypto::LengthError)
+    end
+  end
+  
+  context ".verify32" do
+    let (:msg) { Crypto::Util.zeros(32) }
+    let (:identical_msg) { Crypto::Util.zeros(32) }
+    let (:other_msg) { Crypto::Util.zeros(31) + "\001" }
+    let (:short_msg) { Crypto::Util.zeros(31) }
+    let (:long_msg) { Crypto::Util.zeros(33) }
+
+    it "confirms identical messages are identical" do
+      Crypto::Util.verify32(msg, identical_msg).should be true
+    end
+
+    it "confirms non-identical messages are non-identical" do
+      Crypto::Util.verify32(msg, other_msg).should be false
+      Crypto::Util.verify32(other_msg, msg).should be false
+      Crypto::Util.verify32(short_msg, msg).should be false
+      Crypto::Util.verify32(msg, short_msg).should be false
+      Crypto::Util.verify32(long_msg, msg).should be false
+      Crypto::Util.verify32(msg, long_msg).should be false
+    end
+
+  end
+
+  context ".verify16!" do
+    let (:msg) { Crypto::Util.zeros(16) }
+    let (:identical_msg) { Crypto::Util.zeros(16) }
+    let (:other_msg) { Crypto::Util.zeros(15) + "\001" }
+    let (:short_msg) { Crypto::Util.zeros(15) }
+    let (:long_msg) { Crypto::Util.zeros(17) }
+
+    it "confirms identical messages are identical" do
+      Crypto::Util.verify16!(msg, identical_msg).should be true
+    end
+
+    it "confirms non-identical messages are non-identical" do
+      Crypto::Util.verify16!(msg, other_msg).should be false
+      Crypto::Util.verify16!(other_msg, msg).should be false
+    end
+
+    it "raises descriptively on a short message in position 1" do
+      expect { Crypto::Util.verify16!(short_msg, msg) }.to raise_error(Crypto::LengthError)
+    end
+    it "raises descriptively on a short message in position 2" do
+      expect { Crypto::Util.verify16!(msg, short_msg) }.to raise_error(Crypto::LengthError)
+    end
+    it "raises descriptively on a long message in position 1" do
+      expect { Crypto::Util.verify16!(long_msg, msg) }.to raise_error(Crypto::LengthError)
+    end
+    it "raises descriptively on a long message in position 2" do
+      expect { Crypto::Util.verify16!(msg, long_msg) }.to raise_error(Crypto::LengthError)
+    end
+  end
+  
+  context ".verify16" do
+    let (:msg) { Crypto::Util.zeros(16) }
+    let (:identical_msg) { Crypto::Util.zeros(16) }
+    let (:other_msg) { Crypto::Util.zeros(15) + "\001" }
+    let (:short_msg) { Crypto::Util.zeros(15) }
+    let (:long_msg) { Crypto::Util.zeros(17) }
+
+    it "confirms identical messages are identical" do
+      Crypto::Util.verify16(msg, identical_msg).should be true
+    end
+
+    it "confirms non-identical messages are non-identical" do
+      Crypto::Util.verify16(msg, other_msg).should be false
+      Crypto::Util.verify16(other_msg, msg).should be false
+      Crypto::Util.verify16(short_msg, msg).should be false
+      Crypto::Util.verify16(msg, short_msg).should be false
+      Crypto::Util.verify16(long_msg, msg).should be false
+      Crypto::Util.verify16(msg, long_msg).should be false
+    end
+  end
+  context "check_length" do
+    it "accepts strings of the correct length" do
+      expect { Crypto::Util.check_length("A"*4, 4, "Test String") }.not_to raise_error
+    end
+    it "rejects strings which are too short" do
+      expect { Crypto::Util.check_length("A"*3, 4, "Test String") }.to raise_error(Crypto::LengthError, "Test String was 3 bytes (Expected 4)")
+    end
+    it "rejects strings which are too long" do
+      expect { Crypto::Util.check_length("A"*5, 4, "Test String") }.to raise_error(Crypto::LengthError, "Test String was 5 bytes (Expected 4)")
+    end
+    it "rejects nil strings" do
+      expect { Crypto::Util.check_length(nil, 4, "Test String") }.to raise_error(Crypto::LengthError, "Test String was nil (Expected 4)")
+    end
+  end
+end

data/spec/shared/authenticator.rb

@@ -0,0 +1,114 @@
+# encoding: binary
+shared_examples "authenticator" do
+  let (:hex_key) { Crypto::TestVectors[:auth_key] } 
+  let (:key)     { Crypto::Encoder[:hex].decode(hex_key) }
+  let (:message) { Crypto::Encoder[:hex].decode(Crypto::TestVectors[:auth_message]) }
+  let(:tag)      { Crypto::Encoder[:hex].decode(hex_tag)  }
+  
+  context ".new" do
+    it "accepts a key" do
+      expect { described_class.new(key)  }.to_not raise_error(ArgumentError)
+    end
+
+    it "requires a key" do
+      expect { described_class.new  }.to raise_error(ArgumentError)
+    end
+
+    it "raises on a nil key" do
+      expect { described_class.new(nil)  }.to raise_error(ArgumentError)
+    end
+
+    it "raises on a key which is too long" do
+      expect { described_class.new("\0"*33)  }.to raise_error(ArgumentError)
+    end
+
+    it "raises on a key which is too short" do
+      expect { described_class.new("\0"*31)  }.to raise_error(ArgumentError)
+    end
+  end
+
+  context ".auth" do
+    it "produces an authenticator" do
+      described_class.auth(key, message).should eq tag
+    end
+
+    it "raises on a nil key" do
+      expect { described_class.auth(nil, message)  }.to raise_error(ArgumentError)
+    end
+
+    it "raises on a key which is too long" do
+      expect { described_class.auth("\0"*33, message)  }.to raise_error(ArgumentError)
+    end
+  end
+
+  context ".verify" do
+    it "verify an authenticator" do
+      described_class.verify(key, message, tag).should eq true
+    end
+
+    it "raises on a nil key" do
+      expect { described_class.verify(nil, message, tag)  }.to raise_error(ArgumentError)
+    end
+
+    it "raises on a key which is too long" do
+      expect { described_class.verify("\0"*33, message, tag)  }.to raise_error(ArgumentError)
+    end
+
+    it "fails to validate an invalid authenticator" do
+      described_class.verify(key, message+"\0", tag ).should be false
+    end
+    it "fails to validate a short authenticator" do
+      described_class.verify(key, message, tag[0,tag.bytesize - 2]).should be false
+    end
+    it "fails to validate a long authenticator" do
+      described_class.verify(key, message, tag+"\0").should be false
+    end
+  end
+
+
+  context "Instance methods" do
+    let(:authenticator) { described_class.new(key) }
+
+    context "#auth" do
+      it "produces an authenticator" do
+        authenticator.auth(message).should eq tag
+      end
+
+      it "produces a hex encoded authenticator" do
+        authenticator.auth(message, :hex).should eq hex_tag
+      end
+    end
+
+    context "#verify" do
+      context "raw bytes" do
+        it "verifies an authenticator" do
+          authenticator.verify(message, tag).should be true
+        end
+        it "fails to validate an invalid authenticator" do
+          authenticator.verify(tag, message+"\0").should be false
+        end
+        it "fails to validate a short authenticator" do
+          authenticator.verify(tag[0,tag.bytesize - 2], message).should be false
+        end
+        it "fails to validate a long authenticator" do
+          authenticator.verify(tag+"\0", message).should be false
+        end
+      end
+
+      context "hex" do
+        it "verifies an hexencoded authenticator" do
+          authenticator.verify(message, hex_tag, :hex).should be true
+        end
+        it "fails to validate an invalid authenticator" do
+          authenticator.verify(message+"\0", hex_tag , :hex).should be false
+        end
+        it "fails to validate a short authenticator" do
+          authenticator.verify( message, hex_tag[0,hex_tag.bytesize - 2], :hex).should be false
+        end
+        it "fails to validate a long authenticator" do
+          authenticator.verify(message, hex_tag+"00", :hex).should be false
+        end
+      end
+    end
+  end
+end