rbnacl 1.1.0 → 2.0.0.pre

data/lib/rbnacl/hmac/sha512256.rb

@@ -1,9 +1,9 @@
 # encoding: binary
-module Crypto
+module RbNaCl
   module HMAC
     # Computes an authenticator as HMAC-SHA-512 truncated to 256-bits
     #
-    # The authenticator can be used at a later time to verify the provenence of
+    # The authenticator can be used at a later time to verify the provenance of
     # the message by recomputing the HMAC over the message and then comparing it to
     # the provided authenticator.  The class provides methods for generating
     # signatures and also has a constant-time implementation for checking them.
@@ -13,30 +13,29 @@ module Crypto
     #
     # @see http://nacl.cr.yp.to/auth.html
     class SHA512256 < Auth
-      # Number of bytes in a valid key
-      KEYBYTES = NaCl::HMACSHA512256_KEYBYTES
+      extend Sodium
 
-      # Number of bytes in a valid authenticator
-      BYTES = NaCl::HMACSHA512256_BYTES
+      sodium_type      :auth
+      sodium_primitive :hmacsha512256
+      sodium_constant  :BYTES
+      sodium_constant  :KEYBYTES
+
+      sodium_function  :auth_hmacsha512256,
+                       :crypto_auth_hmacsha512256,
+                       [:pointer, :pointer, :ulong_long, :pointer]
       
-      # The crypto primitive for the HMAC::SHA512256 class
-      #
-      # @return [Symbol] The primitive used
-      def self.primitive
-        :hmac_sha512256
-      end
+      sodium_function  :auth_hmacsha512256_verify,
+                       :crypto_auth_hmacsha512256_verify,
+                       [:pointer, :pointer, :ulong_long, :pointer]
 
       private
-      def compute_authenticator(message, authenticator)
-        NaCl.crypto_auth_hmacsha512256(authenticator, message, message.bytesize, key)
+      def compute_authenticator(authenticator, message)
+        self.class.auth_hmacsha512256(authenticator, message, message.bytesize, key)
       end
 
-      def verify_message(message, authenticator)
-        NaCl.crypto_auth_hmacsha512256_verify(authenticator, message, message.bytesize, key)
+      def verify_message(authenticator, message)
+        self.class.auth_hmacsha512256_verify(authenticator, message, message.bytesize, key)
       end
     end
-
-    # TIMTOWTDI!
-    SHA512 = SHA512256
   end
 end

data/lib/rbnacl/init.rb

@@ -0,0 +1,10 @@
+# encoding: binary
+module RbNaCl
+  # Defines the libsodium init function
+  module Init
+    extend FFI::Library
+    ffi_lib 'sodium'
+
+    attach_function :sodium_init, [], :int
+  end
+end

data/lib/rbnacl/{keys/key_comparator.rb → key_comparator.rb}

@@ -1,5 +1,5 @@
 # encoding: binary
-module Crypto
+module RbNaCl
   # Implements comparisons of keys
   #
   # This permits both timing invariant equality tests, as well as

data/lib/rbnacl/{auth/one_time.rb → one_time_auths/poly1305.rb}

@@ -1,9 +1,9 @@
 # encoding: binary
-module Crypto
-  class Auth
+module RbNaCl
+  module OneTimeAuths
     # Computes an authenticator using poly1305
     #
-    # The authenticator can be used at a later time to verify the provenence of
+    # The authenticator can be used at a later time to verify the provenance of
     # the message by recomputing the tag over the message and then comparing it to
     # the provided authenticator.  The class provides methods for generating
     # signatures and also has a constant-time implementation for checking them.
@@ -17,27 +17,29 @@ module Crypto
     # can also create them.
     #
     # @see http://nacl.cr.yp.to/onetimeauth.html
-    class OneTime < self
-      # Number of bytes in a valid key
-      KEYBYTES = NaCl::ONETIME_KEYBYTES
+    class Poly1305 < Auth
+      extend Sodium
 
-      # Number of bytes in a valid authenticator
-      BYTES = NaCl::ONETIME_BYTES
-      
-      # The crypto primitive for the Auth::OneTime class
-      #
-      # @return [Symbol] The primitive used
-      def self.primitive
-        :poly_1305
-      end
+      sodium_type      :onetimeauth
+      sodium_primitive :poly1305
+      sodium_constant  :BYTES
+      sodium_constant  :KEYBYTES
+
+      sodium_function :onetimeauth_poly1305,
+                      :crypto_onetimeauth_poly1305,
+                      [:pointer, :pointer, :ulong_long, :pointer]
+
+      sodium_function :onetimeauth_poly1305_verify,
+                      :crypto_onetimeauth_poly1305_verify,
+                      [:pointer, :pointer, :ulong_long, :pointer]
 
       private
-      def compute_authenticator(message, authenticator)
-        NaCl.crypto_auth_onetime(authenticator, message, message.bytesize, key)
+      def compute_authenticator(authenticator, message)
+        self.class.onetimeauth_poly1305(authenticator, message, message.bytesize, key)
       end
 
-      def verify_message(message, authenticator)
-        NaCl.crypto_auth_onetime_verify(authenticator, message, message.bytesize, key)
+      def verify_message(authenticator, message)
+        self.class.onetimeauth_poly1305_verify(authenticator, message, message.bytesize, key)
       end
 
     end

data/lib/rbnacl/rake_tasks.rb

@@ -3,7 +3,8 @@ require 'rake'
 require 'rake/clean'
 require 'digest/sha2'
 
-LIBSODIUM_VERSION = "0.2"
+LIBSODIUM_VERSION = "0.4.5"
+LIBSODIUM_DIGEST  = "7ad5202df53eeac0eb29b064ae5d05b65d82b2fc1c082899c9c6a09b0ee1ac32"
 
 def sh_hidden(command)
   STDERR.puts("*** Executing: #{command}")
@@ -19,17 +20,17 @@ end
 libsodium_tarball = "libsodium-#{LIBSODIUM_VERSION}.tar.gz"
 
 file libsodium_tarball do
-  sh "curl -O http://download.dnscrypt.org/libsodium/releases/libsodium-#{LIBSODIUM_VERSION}.tar.gz"
+  sh "curl -L -O https://github.com/jedisct1/libsodium/releases/download/#{LIBSODIUM_VERSION}/#{libsodium_tarball}"
 
   digest = Digest::SHA256.hexdigest(File.read(libsodium_tarball))
-  if digest != "e99a6b69adc080a5acf6b8a49fdc74b61d6f3579b590e85c93446a8325dde100"
+  if digest != LIBSODIUM_DIGEST
     rm libsodium_tarball
-    raise "#{libsodium_tarball} failed checksum!"
+    raise "#{libsodium_tarball} failed checksum! Got #{digest}"
   end
 end
 
-file "libsodium" => "libsodium-#{LIBSODIUM_VERSION}.tar.gz" do
-  sh "tar xzf libsodium-#{LIBSODIUM_VERSION}.tar.gz"
+file "libsodium" => libsodium_tarball do
+  sh "tar -zxf #{libsodium_tarball}"
   mv "libsodium-#{LIBSODIUM_VERSION}", "libsodium"
 end
 

data/lib/rbnacl/random.rb

@@ -1,18 +1,23 @@
 # encoding: binary
-module Crypto
+module RbNaCl
   # Functions for random number generation
   #
   # This uses the underlying source of random number generation on the OS, so
   # /dev/urandom on UNIX-like systems, and the MS crypto providor on windows.
   module Random
+    extend Sodium
+
+    sodium_function :c_random_bytes,
+                    :randombytes_buf,
+                    [:pointer, :ulong_long]
     # Returns a string of random bytes
     #
     # @param [Integer] n number of random bytes desired
     #
     # @return [String] random bytes.
     def self.random_bytes(n=32)
-      buf = Crypto::Util.zeros(n)
-      NaCl.random_bytes(buf, n)
+      buf = RbNaCl::Util.zeros(n)
+      c_random_bytes(buf, n)
       buf
     end
   end

data/lib/rbnacl/random_nonce_box.rb

@@ -1,15 +1,15 @@
 # encoding: binary
 require 'forwardable'
-module Crypto
+module RbNaCl
   # The simplest nonce strategy that could possibly work
   #
   # This class implements the simplest possible nonce generation strategy to
-  # wrap a Crypto::Box or Crypto::SecretBox.  A 24-byte random nonce is used
+  # wrap a RbNaCl::Box or RbNaCl::SecretBox.  A 24-byte random nonce is used
   # for the encryption and is prepended to the message.  When it is time to
   # open the box, the message is split into nonce and ciphertext, and then the
   # box is decrypted.
   #
-  # Thanks to the size of the nonce, the chance of a collision is neglible.  For
+  # Thanks to the size of the nonce, the chance of a collision is negligible.  For
   # example, after encrypting 2^64 messages, the odds of their having been
   # repeated nonce is approximately 2^-64.  As an additional convenience, the
   # ciphertexts may be encoded or decoded by any of the encoders implemented in
@@ -31,10 +31,6 @@ module Crypto
     extend Forwardable
     def_delegators :@box, :nonce_bytes, :primitive
 
-    # the size of the nonce
-    # DO NOT USE THIS, use the #nonce_bytes method instead
-    NONCEBYTES = NaCl::NONCEBYTES
-
     # Create a new RandomNonceBox
     #
     # @param box [SecretBox, Box] the SecretBox or Box to use.
@@ -75,14 +71,14 @@ module Crypto
     # the nonce prepended.  Optionally encodes the message using an encoder.
     #
     # @param message [String] The message to encrypt
-    # @param encoding [Symbol] Optional encoding for the returned ciphertext
     #
     # @return [String] The enciphered message
-    def box(message, encoding = :raw)
+    def box(message)
       nonce = generate_nonce
       cipher_text = @box.box(nonce, message)
-      Encoder[encoding].encode(nonce + cipher_text)
+      nonce + cipher_text
     end
+    alias encrypt box
 
     # Decrypts the ciphertext with a random nonce
     #
@@ -90,16 +86,15 @@ module Crypto
     # front and uses this to decrypt.  Returns the message.
     #
     # @param enciphered_message [String] The message to decrypt.
-    # @param encoding [Symbol] Optional decoding for the returned ciphertext
     #
     # @raise [CryptoError] If the message has been tampered with.
     #
     # @return [String] The decoded message
-    def open(enciphered_message, encoding = :raw)
-      decoded = Encoder[encoding].decode(enciphered_message)
-      nonce, ciphertext = *extract_nonce(decoded)
+    def open(enciphered_message)
+      nonce, ciphertext = extract_nonce(enciphered_message.to_s)
       @box.open(nonce, ciphertext)
     end
+    alias decrypt open
 
     private
     def generate_nonce

data/lib/rbnacl/secret_boxes/xsalsa20poly1305.rb

@@ -0,0 +1,125 @@
+# encoding: binary
+module RbNaCl
+  module SecretBoxes
+    # The SecretBox class boxes and unboxes messages
+    #
+    # This class uses the given secret key to encrypt and decrypt messages.
+    #
+    # It is VITALLY important that the nonce is a nonce, i.e. it is a number used
+    # only once for any given pair of keys.  If you fail to do this, you
+    # compromise the privacy of the messages encrypted. Give your nonces a
+    # different prefix, or have one side use an odd counter and one an even counter.
+    # Just make sure they are different.
+    #
+    # The ciphertexts generated by this class include a 16-byte authenticator which
+    # is checked as part of the decryption.  An invalid authenticator will cause
+    # the unbox function to raise.  The authenticator is not a signature.  Once
+    # you've looked in the box, you've demonstrated the ability to create
+    # arbitrary valid messages, so messages you send are repudiable.  For
+    # non-repudiable messages, sign them before or after encryption.
+    class XSalsa20Poly1305
+      extend Sodium
+
+      sodium_type      :secretbox
+      sodium_primitive :xsalsa20poly1305
+      sodium_constant  :KEYBYTES
+      sodium_constant  :NONCEBYTES
+      sodium_constant  :ZEROBYTES
+      sodium_constant  :BOXZEROBYTES
+
+      sodium_function :secretbox_xsalsa20poly1305,
+                      :crypto_secretbox_xsalsa20poly1305,
+                      [:pointer, :pointer, :ulong_long, :pointer, :pointer]
+
+      sodium_function :secretbox_xsalsa20poly1305_open,
+                      :crypto_secretbox_xsalsa20poly1305_open,
+                      [:pointer, :pointer, :ulong_long, :pointer, :pointer]
+
+      # Create a new SecretBox
+      #
+      # Sets up the Box with a secret key fro encrypting and decrypting messages.
+      #
+      # @param key [String] The key to encrypt and decrypt with
+      #
+      # @raise [RbNaCl::LengthError] on invalid keys
+      #
+      # @return [RbNaCl::SecretBox] The new Box, ready to use
+      def initialize(key)
+        @key = Util.check_string(key, KEYBYTES, "Secret key")
+      end
+
+      # Encrypts a message
+      #
+      # Encrypts the message with the given nonce to the key set up when
+      # initializing the class.  Make sure the nonce is unique for any given
+      # key, or you might as well just send plain text.
+      #
+      # This function takes care of the padding required by the NaCL C API.
+      #
+      # @param nonce [String] A 24-byte string containing the nonce.
+      # @param message [String] The message to be encrypted.
+      #
+      # @raise [RbNaCl::LengthError] If the nonce is not valid
+      #
+      # @return [String] The ciphertext without the nonce prepended (BINARY encoded)
+      def box(nonce, message)
+        Util.check_length(nonce, nonce_bytes, "Nonce")
+        msg = Util.prepend_zeros(ZEROBYTES, message)
+        ct  = Util.zeros(msg.bytesize)
+
+        self.class.secretbox_xsalsa20poly1305(ct, msg, msg.bytesize, nonce, @key) || raise(CryptoError, "Encryption failed")
+        Util.remove_zeros(BOXZEROBYTES, ct)
+      end
+      alias encrypt box
+
+      # Decrypts a ciphertext
+      #
+      # Decrypts the ciphertext with the given nonce using the key setup when
+      # initializing the class.
+      #
+      # This function takes care of the padding required by the NaCL C API.
+      #
+      # @param nonce [String] A 24-byte string containing the nonce.
+      # @param ciphertext [String] The message to be decrypted.
+      #
+      # @raise [RbNaCl::LengthError] If the nonce is not valid
+      # @raise [RbNaCl::CryptoError] If the ciphertext cannot be authenticated.
+      #
+      # @return [String] The decrypted message (BINARY encoded)
+      def open(nonce, ciphertext)
+        Util.check_length(nonce, nonce_bytes, "Nonce")
+        ct = Util.prepend_zeros(BOXZEROBYTES, ciphertext)
+        message  = Util.zeros(ct.bytesize)
+
+        self.class.secretbox_xsalsa20poly1305_open(message, ct, ct.bytesize, nonce, @key) || raise(CryptoError, "Decryption failed. Ciphertext failed verification.")
+        Util.remove_zeros(ZEROBYTES, message)
+      end
+      alias decrypt open
+
+      # The crypto primitive for the SecretBox instance
+      #
+      # @return [Symbol] The primitive used
+      def primitive; self.class.primitive; end
+
+      # The nonce bytes for the SecretBox class
+      #
+      # @return [Integer] The number of bytes in a valid nonce
+      def self.nonce_bytes; NONCEBYTES; end
+
+      # The nonce bytes for the SecretBox instance
+      #
+      # @return [Integer] The number of bytes in a valid nonce
+      def nonce_bytes; NONCEBYTES; end
+
+      # The key bytes for the SecretBox class
+      #
+      # @return [Integer] The number of bytes in a valid key
+      def self.key_bytes; KEYBYTES; end
+
+      # The key bytes for the SecretBox instance
+      #
+      # @return [Integer] The number of bytes in a valid key
+      def key_bytes; KEYBYTES; end
+    end
+  end
+end

data/lib/rbnacl/self_test.rb

@@ -1,41 +1,52 @@
+# encoding: binary
+
 start = Time.now if $DEBUG
 
-module Crypto
-  class SelfTestFailure < Crypto::CryptoError; end
+module RbNaCl
+  class SelfTestFailure < RbNaCl::CryptoError; end
 
   module SelfTest
     module_function
 
+    def vector(name)
+      [TestVectors[name]].pack("H*")
+    end
+
     def box_test
-      alicepk = Crypto::PublicKey.new(TestVectors[:alice_public], :hex)
-      bobsk = Crypto::PrivateKey.new(TestVectors[:bob_private], :hex)
+      alicepk = RbNaCl::PublicKey.new(vector(:alice_public))
+      bobsk = RbNaCl::PrivateKey.new(vector(:bob_private))
 
-      box = Crypto::Box.new(alicepk, bobsk)
+      box = RbNaCl::Box.new(alicepk, bobsk)
       box_common_test(box)
     end
 
     def secret_box_test
-      box = SecretBox.new(TestVectors[:secret_key], :hex)
+      box = SecretBox.new(vector(:secret_key))
       box_common_test(box)
     end
 
     def box_common_test(box)
-      nonce      = hexdecode_vector :box_nonce
-      message    = hexdecode_vector :box_message
-      ciphertext = hexdecode_vector :box_ciphertext
+      nonce      = vector :box_nonce
+      message    = vector :box_message
+      ciphertext = vector :box_ciphertext
 
       unless box.encrypt(nonce, message) == ciphertext
+        #:nocov:
         raise SelfTestFailure, "failed to generate correct ciphertext"
+        #:nocov:
       end
 
       unless box.decrypt(nonce, ciphertext) == message
+        #:nocov:
         raise SelfTestFailure, "failed to decrypt ciphertext correctly"
+        #:nocov:
       end
 
       begin
         passed         = false
         corrupt_ct     = ciphertext.dup
         corrupt_ct[23] = ' '
+        corrupt_ct
         box.decrypt(nonce, corrupt_ct)
       rescue CryptoError
         passed = true
@@ -45,74 +56,82 @@ module Crypto
     end
 
     def digital_signature_test
-      signing_key = SigningKey.new(TestVectors[:sign_private], :hex)
+      signing_key = SigningKey.new(vector(:sign_private))
       verify_key  = signing_key.verify_key
 
-      unless verify_key.to_s(:hex) == TestVectors[:sign_public]
+      unless verify_key.to_s == vector(:sign_public)
+        #:nocov:
         raise SelfTestFailure, "failed to generate verify key correctly"
+        #:nocov:
       end
 
-      message   = hexdecode_vector :sign_message
-      signature = signing_key.sign(message, :hex)
+      message   = vector :sign_message
+      signature = signing_key.sign(message)
 
-      unless signature == TestVectors[:sign_signature]
+      unless signature == vector(:sign_signature)
+        #:nocov:
         raise SelfTestFailure, "failed to generate correct signature"
+        #:nocov:
       end
 
-      unless verify_key.verify(message, signature, :hex)
+      unless verify_key.verify(signature, message)
+        #:nocov:
         raise SelfTestFailure, "failed to verify a valid signature"
+        #:nocov:
       end
 
-      bad_signature = signature[0,127] + '0'
+      bad_signature = signature[0,63] + '0'
 
-      unless verify_key.verify(message, bad_signature, :hex) == false
+      unless verify_key.verify(bad_signature, message) == false
+        #:nocov:
         raise SelfTestFailure, "failed to detect an invalid signature"
+        #:nocov:
       end
     end
 
     def sha256_test
-      message = hexdecode_vector :sha256_message
-      digest  = hexdecode_vector :sha256_digest
+      message = vector :sha256_message
+      digest  = vector :sha256_digest
 
-      unless Crypto::Hash.sha256(message) == digest
+      unless RbNaCl::Hash.sha256(message) == digest
+        #:nocov:
         raise SelfTestFailure, "failed to generate a correct SHA256 digest"
+        #:nocov:
       end
     end
 
     def hmac_test(klass, tag)
-      authenticator = klass.new(TestVectors[:auth_key], :hex)
+      authenticator = klass.new(vector(:auth_key))
 
-      message = hexdecode_vector :auth_message
+      message = vector :auth_message
 
-      unless authenticator.auth(message, :hex) == TestVectors[tag]
+      unless authenticator.auth(message) == vector(tag)
+        #:nocov:
         raise SelfTestFailure, "#{klass} failed to generate correct authentication tag"
+        #:nocov:
       end
 
-      unless authenticator.verify(message, TestVectors[tag], :hex)
+      unless authenticator.verify(vector(tag), message)
+        #:nocov:
         raise SelfTestFailure, "#{klass} failed to verify correct authentication tag"
+        #:nocov:
       end
 
-      if authenticator.verify(message+' ', TestVectors[tag], :hex)
+      if authenticator.verify(vector(tag), message + ' ')
+        #:nocov:
         raise SelfTestFailure, "#{klass} failed to detect invalid authentication tag"
+        #:nocov:
       end
     end
-
-    def hexdecode(string)
-      Encoder[:hex].decode(string)
-    end
-
-    def hexdecode_vector(name)
-      hexdecode TestVectors[name]
-    end
   end
 end
 
-Crypto::SelfTest.box_test
-Crypto::SelfTest.secret_box_test
-Crypto::SelfTest.digital_signature_test
-Crypto::SelfTest.sha256_test
-Crypto::SelfTest.hmac_test Crypto::HMAC::SHA256,    :auth_hmacsha256
-Crypto::SelfTest.hmac_test Crypto::HMAC::SHA512256, :auth_hmacsha512256
-Crypto::SelfTest.hmac_test Crypto::Auth::OneTime,   :auth_onetime
+RbNaCl::SelfTest.box_test
+RbNaCl::SelfTest.secret_box_test
+RbNaCl::SelfTest.digital_signature_test
+RbNaCl::SelfTest.sha256_test
+RbNaCl::SelfTest.hmac_test RbNaCl::HMAC::SHA256,    :auth_hmacsha256
+RbNaCl::SelfTest.hmac_test RbNaCl::HMAC::SHA512256, :auth_hmacsha512256
+RbNaCl::SelfTest.hmac_test RbNaCl::OneTimeAuth,     :auth_onetime
 
 puts "POST Completed in #{Time.now - start} s" if $DEBUG