rbnacl 1.1.0 → 2.0.0.pre

data/lib/rbnacl/{keys → boxes/curve25519xsalsa20poly1305}/private_key.rb

@@ -1,6 +1,7 @@
 # encoding: binary
-module Crypto
-  # Crypto::Box private key. Keep it safe
+
+module RbNaCl
+  # RbNaCl::Box private key. Keep it safe
   #
   # This class generates and stores NaCL private keys, as well as providing a
   # reference to the public key associated with this private key, if that's
@@ -9,12 +10,22 @@ module Crypto
   # Note that the documentation for NaCl refers to this as a secret key, but in
   # this library its a private key, to avoid confusing the issue with the
   # SecretBox, which does symmetric encryption.
-  class PrivateKey
+  class Boxes::Curve25519XSalsa20Poly1305::PrivateKey
+
     include KeyComparator
     include Serializable
+      
+    extend Sodium
+
+    sodium_type      :box
+    sodium_primitive :curve25519xsalsa20poly1305
+
+    sodium_function :box_curve25519xsalsa20poly1305_keypair,
+                    :crypto_box_curve25519xsalsa20poly1305_keypair,
+                    [:pointer, :pointer]
 
     # The size of the key, in bytes
-    BYTES = NaCl::CURVE25519_XSALSA20_POLY1305_SECRETKEY_BYTES
+    BYTES = Boxes::Curve25519XSalsa20Poly1305::PRIVATEKEYBYTES
 
     # Initializes a new PrivateKey for key operations.
     #
@@ -25,23 +36,23 @@ module Crypto
     # @param private_key [String] The private key
     # @param key_encoding [Symbol] The encoding of the key
     #
-    # @raise [Crypto::LengthError] If the key is not valid after decoding.
+    # @raise [TypeError] If the key is nil
+    # @raise [RbNaCl::LengthError] If the key is not valid after decoding.
     #
     # @return A new PrivateKey
-    def initialize(private_key, key_encoding = :raw)
-      @private_key = Crypto::Encoder[key_encoding].decode(private_key)
-      Util.check_length(@private_key, BYTES, "Private key")
+    def initialize(private_key)
+      @private_key = Util.check_string(private_key, BYTES, "Private key")
     end
 
     # Generates a new keypair
     #
-    # @raise [Crypto::CryptoError] if key generation fails, due to insufficient randomness.
+    # @raise [RbNaCl::CryptoError] if key generation fails, due to insufficient randomness.
     #
-    # @return [Crypto::PrivateKey] A new private key, with the associated public key also set.
+    # @return [RbNaCl::PrivateKey] A new private key, with the associated public key also set.
     def self.generate
-      pk = Util.zeros(NaCl::CURVE25519_XSALSA20_POLY1305_PUBLICKEY_BYTES)
-      sk = Util.zeros(NaCl::CURVE25519_XSALSA20_POLY1305_SECRETKEY_BYTES)
-      NaCl.crypto_box_curve25519xsalsa20poly1305_keypair(pk, sk) || raise(CryptoError, "Failed to generate a key pair")
+      pk = Util.zeros(Boxes::Curve25519XSalsa20Poly1305::PUBLICKEYBYTES)
+      sk = Util.zeros(Boxes::Curve25519XSalsa20Poly1305::PRIVATEKEYBYTES)
+      self.box_curve25519xsalsa20poly1305_keypair(pk, sk) || raise(CryptoError, "Failed to generate a key pair")
       new(sk)
     end
 
@@ -56,22 +67,14 @@ module Crypto
     #
     # @return [PublicKey] the key
     def public_key
-      @public_key ||= PublicKey.new(Point.base.mult(to_bytes))
-    end
-
-    # The crypto primitive the PrivateKey class is to be used for
-    #
-    # @return [Symbol] The primitive
-    def self.primitive
-      :curve25519_xsalsa20_poly1305
+      @public_key ||= PublicKey.new GroupElements::Curve25519.base.mult(to_bytes)
     end
-
+    
     # The crypto primitive this PrivateKey is to be used for.
     #
     # @return [Symbol] The primitive
     def primitive
       self.class.primitive
     end
-
   end
 end

data/lib/rbnacl/{keys → boxes/curve25519xsalsa20poly1305}/public_key.rb

@@ -1,31 +1,31 @@
 # encoding: binary
-module Crypto
-  # Crypto::Box public key. Send to your friends.
+
+module RbNaCl
+  # RbNaCl::Box public key. Send it (securely!) to your friends.
   #
-  # This class stores the NaCL public key, and provides some convience
+  # This class stores the NaCL public key, and provides some convenience
   # functions for working with it.
-  class PublicKey
+  class Boxes::Curve25519XSalsa20Poly1305::PublicKey
+
     include KeyComparator
     include Serializable
 
     # The size of the key, in bytes
-    BYTES = NaCl::CURVE25519_XSALSA20_POLY1305_PUBLICKEY_BYTES
+    BYTES = Boxes::Curve25519XSalsa20Poly1305::PUBLICKEYBYTES
 
     # Initializes a new PublicKey for key operations.
     #
     # Takes the (optionally encoded) public key bytes.  This can be shared with
     # many people and used to establish key pairs with their private key, for
-    # the exchanging of messages using a Crypto::Box
+    # the exchanging of messages using a RbNaCl::Box
     #
     # @param public_key [String] The public key
-    # @param key_encoding [Symbol] The encoding of the key
     #
-    # @raise [Crypto::LengthError] If the key is not valid after decoding.
+    # @raise [RbNaCl::LengthError] If the key is not valid after decoding.
     #
     # @return A new PublicKey
-    def initialize(public_key, key_encoding = :raw)
-      @public_key = Crypto::Encoder[key_encoding].decode(public_key)
-      Util.check_length(@public_key, BYTES, "Public key")
+    def initialize(public_key)
+      @public_key = Util.check_string(public_key, BYTES, "Public key")
     end
 
     # The raw bytes of the key
@@ -39,7 +39,7 @@ module Crypto
     #
     # @return [Symbol] The primitive
     def self.primitive
-      :curve25519_xsalsa20_poly1305
+      :curve25519xsalsa20poly1305
     end
 
     # The crypto primitive this PublicKey is to be used for.
@@ -49,4 +49,5 @@ module Crypto
       self.class.primitive
     end
   end
+
 end

data/lib/rbnacl/group_elements/curve25519.rb

@@ -0,0 +1,81 @@
+# encoding: binary
+module RbNaCl
+  module GroupElements
+    # Points provide the interface to NaCl's Curve25519 high-speed elliptic
+    # curve cryptography, which can be used for implementing Diffie-Hellman
+    # and other forms of public key cryptography (e.g. RbNaCl::Box)
+    #
+    # Objects of the Point class represent points on Edwards curves. NaCl
+    # defines a base point (the "standard group element") which we can
+    # multiply by an arbitrary integer. This is how NaCl computes public
+    # keys from private keys.
+    class Curve25519
+      # NaCl's Curve25519 base point (a.k.a. standard group element), serialized as hex
+      STANDARD_GROUP_ELEMENT = ["0900000000000000000000000000000000000000000000000000000000000000"].pack("H*").freeze
+
+      # Order of the standard group
+      STANDARD_GROUP_ORDER = 2**252 + 27742317777372353535851937790883648493
+
+      include KeyComparator
+      include Serializable
+
+      extend Sodium
+
+      sodium_type      :scalarmult
+      sodium_primitive :curve25519
+
+      sodium_function  :scalarmult_curve25519,
+                       :crypto_scalarmult_curve25519,
+                       [:pointer, :pointer, :pointer]
+
+      # Number of bytes in a scalar on this curve
+      SCALARBYTES = 32
+      BYTES       = 32
+
+      # Number of bytes in a scalar on this curve
+
+      # Creates a new Point from the given serialization
+      #
+      # @param [String] point location of a group element (32-bytes)
+      #
+      # @return [RbNaCl::Point] the Point at this location
+      def initialize(point)
+        @point = point.to_str
+
+        # FIXME: really should have a separate constant here for group element size
+        # Group elements and scalars are both 32-bits, but that's for convenience
+        Util.check_length(@point, SCALARBYTES, "group element")
+      end
+
+      # Multiply the given integer by this point
+      # This ordering is a bit confusing because traditionally the point
+      # would be the right-hand operand.
+      #
+      # @param [String] integer value to multiply with this Point (32-bytes)
+      #
+      # @return [RbNaCl::Point] result as a Point object
+      def mult(integer, encoding = :raw)
+        integer = integer.to_str
+        Util.check_length(integer, SCALARBYTES, "integer")
+
+        result = Util.zeros(SCALARBYTES)
+        self.class.scalarmult_curve25519(result, integer, @point)
+
+        self.class.new(result)
+      end
+
+      # Return the point serialized as bytes
+      #
+      # @return [String] 32-byte string representing this point
+      def to_bytes; @point; end
+
+      @base_point = new(STANDARD_GROUP_ELEMENT)
+
+      # NaCl's standard base point for all Curve25519 public keys
+      #
+      # @return [RbNaCl::Point] standard base point (a.k.a. standard group element)
+      def self.base; @base_point; end
+      def self.base_point; @base_point; end
+    end
+  end
+end

data/lib/rbnacl/hash.rb

@@ -1,5 +1,5 @@
 # encoding: binary
-module Crypto
+module RbNaCl
   # Cryptographic hash functions
   #
   # Cryptographic hash functions take a variable length message and compute a
@@ -11,38 +11,54 @@ module Crypto
   # there is no secret involved in the hashing, so anyone can create the hash of
   # a given message.
   #
-  # RbNaCl provides the SHA-256 and SHA-512 hash functions.
+  # RbNaCl provides the SHA-256,SHA-512 as well as the Blake2b hash functions.
   module Hash
     # Returns the SHA-256 hash of the given data
     #
     # There's no streaming done, just pass in the data and be done with it.
     #
-    # @param [String] data The data, as a collection of bytes
-    # @param [#to_sym] encoding Encoding of the returned hash.
+    # @param [#to_str] data The data, as a collection of bytes
     #
     # @raise [CryptoError] If the hashing fails for some reason.
     #
     # @return [String] The SHA-256 hash as raw bytes (Or encoded as per the second argument)
-    def self.sha256(data, encoding = :raw)
-      hash = Util.zeros(NaCl::SHA256BYTES)
-      NaCl.crypto_hash_sha256(hash, data, data.bytesize) || raise(CryptoError, "Hashing failed!")
-      Encoder[encoding].encode(hash)
+    def self.sha256(data)
+      data   = data.to_str
+      digest = Util.zeros(SHA256::BYTES)
+      SHA256.hash_sha256(digest, data, data.bytesize) || raise(CryptoError, "Hashing failed!")
+      digest
     end
 
     # Returns the SHA-512 hash of the given data
     #
     # There's no streaming done, just pass in the data and be done with it.
     #
-    # @param [String] data The data, as a collection of bytes
-    # @param [#to_sym] encoding Encoding of the returned hash.
+    # @param [#to_str] data The data, as a collection of bytes
     #
     # @raise [CryptoError] If the hashing fails for some reason.
     #
     # @return [String] The SHA-512 hash as raw bytes (Or encoded as per the second argument)
-    def self.sha512(data, encoding = :raw)
-      hash = Util.zeros(NaCl::SHA512BYTES)
-      NaCl.crypto_hash_sha512(hash, data, data.bytesize) || raise(CryptoError, "Hashing failed!")
-      Encoder[encoding].encode(hash)
+    def self.sha512(data)
+      digest = Util.zeros(SHA512::BYTES)
+      SHA512.hash_sha512(digest, data, data.bytesize) || raise(CryptoError, "Hashing failed!")
+      digest
+    end
+
+    # Returns the Blake2b hash of the given data
+    #
+    # There's no streaming done, just pass in the data and be done with it.
+    # This method returns a 64-byte hash by default.
+    #
+    # @param [String] data The data, as a collection of bytes
+    # @option options [Fixnum] digest_size Size in bytes (1-64, default 64)
+    # @option options [String] key 64-byte (or less) key for keyed mode
+    #
+    # @raise [CryptoError] If the hashing fails for some reason.
+    #
+    # @return [String] The blake2b hash as raw bytes (Or encoded as per the second argument)
+    def self.blake2b(data, options = {})
+      key         = options[:key]
+      Blake2b.new(options).digest(data)
     end
   end
 end

data/lib/rbnacl/hash/blake2b.rb

@@ -0,0 +1,57 @@
+# encoding: binary
+module RbNaCl
+  module Hash
+    # The Blake2b hash function
+    #
+    # Blake2b is based on Blake, a SHA3 finalist which was snubbed in favor of
+    # Keccak, a much slower hash function but one sufficiently different from
+    # SHA2 to let the SHA3 judges panel sleep easy. Back in the real world,
+    # it'd be great if we can calculate hashes quickly if possible.
+    #
+    # Blake2b provides for up to 64-bit digests and also supports a keyed mode
+    # similar to HMAC
+    class Blake2b
+      extend Sodium
+
+      sodium_type      :generichash
+      sodium_primitive :blake2b
+      sodium_constant  :BYTES_MIN
+      sodium_constant  :BYTES_MAX
+      sodium_constant  :KEYBYTES_MIN
+      sodium_constant  :KEYBYTES_MAX
+
+      sodium_function  :generichash_blake2b,
+                       :crypto_generichash_blake2b,
+                       [:pointer, :ulong_long, :pointer, :ulong_long, :pointer, :ulong_long]
+
+      # Create a new Blake2b hash object
+      #
+      # @param [Hash] opts Blake2b configuration
+      # @option opts [String]  :key for Blake2b keyed mode
+      # @option opts [Integer] :digest_size size of output digest in bytes
+      #
+      # @raise [RbNaCl::LengthError] Invalid length specified for one or more options
+      #
+      # @return [RbNaCl::Hash::Blake2b] A Blake2b hasher object
+      def initialize(opts = {})
+        @key = opts.fetch(:key, nil)
+        @key_size = @key ? @key.bytesize : 0
+        raise LengthError, "Invalid key size" if (@key_size != 0) && (@key_size < KEYBYTES_MIN || @key_size > KEYBYTES_MAX) 
+
+        @digest_size = opts.fetch(:digest_size, BYTES_MAX)
+        raise LengthError, "Invalid digest size" if @digest_size < BYTES_MIN || @digest_size > BYTES_MAX
+      end
+
+      # Calculate a Blake2b digest
+      #
+      # @param [String] message Message to be hashed
+      #
+      # @return [String] Blake2b digest of the string as raw bytes
+      def digest(message)
+        digest = Util.zeros(@digest_size)
+        self.class.generichash_blake2b(digest, @digest_size, message, message.bytesize, @key, @key_size) || raise(CryptoError, "Hashing failed!")
+        digest
+      end
+    end
+  end
+end

data/lib/rbnacl/hash/sha256.rb

@@ -0,0 +1,15 @@
+# encoding: binary
+module RbNaCl
+  module Hash
+    # Provides a binding for the SHA256 function in libsodium
+    module SHA256
+      extend Sodium
+      sodium_type      :hash
+      sodium_primitive :sha256
+      sodium_constant  :BYTES
+      sodium_function  :hash_sha256,
+        :crypto_hash_sha256,
+        [:pointer, :pointer, :ulong_long]
+    end
+  end
+end

data/lib/rbnacl/hash/sha512.rb

@@ -0,0 +1,15 @@
+# encoding: binary
+module RbNaCl
+  module Hash
+    # Provides the binding for the SHA512 hash function
+    module SHA512
+      extend Sodium
+      sodium_type      :hash
+      sodium_primitive :sha512
+      sodium_constant  :BYTES
+      sodium_function  :hash_sha512,
+                       :crypto_hash_sha512,
+                       [:pointer, :pointer, :ulong_long]
+    end
+  end
+end

data/lib/rbnacl/hmac/sha256.rb

@@ -1,9 +1,9 @@
 # encoding: binary
-module Crypto
+module RbNaCl
   module HMAC
     # Computes an authenticator as HMAC-SHA-256
     #
-    # The authenticator can be used at a later time to verify the provenence of
+    # The authenticator can be used at a later time to verify the provenance of
     # the message by recomputing the HMAC over the message and then comparing it to
     # the provided authenticator.  The class provides methods for generating
     # signatures and also has a constant-time implementation for checking them.
@@ -13,26 +13,28 @@ module Crypto
     #
     # @see http://nacl.cr.yp.to/auth.html
     class SHA256 < Auth
-      # Number of bytes in a valid key
-      KEYBYTES = NaCl::HMACSHA256_KEYBYTES
+      extend Sodium
 
-      # Number of bytes in a valid authenticator
-      BYTES = NaCl::HMACSHA256_BYTES
-
-      # The crypto primitive for the HMAC::SHA256 class
-      #
-      # @return [Symbol] The primitive used
-      def self.primitive
-        :hmac_sha256
-      end
+      sodium_type      :auth
+      sodium_primitive :hmacsha256
+      sodium_constant  :BYTES
+      sodium_constant  :KEYBYTES
 
+      sodium_function  :auth_hmacsha256,
+                       :crypto_auth_hmacsha256,
+                       [:pointer, :pointer, :ulong_long, :pointer]
+      
+      sodium_function  :auth_hmacsha256_verify,
+                       :crypto_auth_hmacsha256_verify,
+                       [:pointer, :pointer, :ulong_long, :pointer]
+      
       private
-      def compute_authenticator(message, authenticator)
-        NaCl.crypto_auth_hmacsha256(authenticator, message, message.bytesize, key)
+      def compute_authenticator(authenticator, message)
+        self.class.auth_hmacsha256(authenticator, message, message.bytesize, key)
       end
 
-      def verify_message(message, authenticator)
-        NaCl.crypto_auth_hmacsha256_verify(authenticator, message, message.bytesize, key)
+      def verify_message(authenticator, message)
+        self.class.auth_hmacsha256_verify(authenticator, message, message.bytesize, key)
       end
     end
   end