rbnacl 1.1.0 → 2.0.0.pre

data/lib/rbnacl/serializable.rb

@@ -1,23 +1,15 @@
 # encoding: binary
-module Crypto
+module RbNaCl
   # Serialization features shared across all "key-like" classes
   module Serializable
-    # Return a string representation of this key, possibly encoded into a
-    # given serialization format.
-    #
-    # @param encoding [String] string encoding format in which to encode the key
-    #
-    # @return [String] key encoded in the specified format
-    def to_s(encoding = :raw)
-      Encoder[encoding].encode(to_bytes)
-    end
-    alias_method :to_str, :to_s
+    def to_s;   to_bytes; end
+    def to_str; to_bytes; end
 
     # Inspect this key
     #
     # @return [String] a string representing this key
     def inspect
-      "#<#{self.class}:#{to_s(:hex)[0,8]}>"
+      "#<#{self.class}:#{Util.bin2hex(to_bytes)[0,8]}>"
     end
   end
 end

data/lib/rbnacl/signatures/ed25519.rb

@@ -0,0 +1,15 @@
+# encoding: binary
+module RbNaCl
+  module Signatures
+    module Ed25519
+      extend Sodium
+
+      sodium_type      :sign
+      sodium_primitive :ed25519
+      sodium_constant  :SEEDBYTES
+      sodium_constant  :PUBLICKEYBYTES, :VERIFYKEYBYTES
+      sodium_constant  :SECRETKEYBYTES, :SIGNINGKEYBYTES
+      sodium_constant  :BYTES,          :SIGNATUREBYTES
+    end
+  end
+end

data/lib/rbnacl/signatures/ed25519/signing_key.rb

@@ -0,0 +1,104 @@
+# encoding: binary
+module RbNaCl
+  module Signatures
+    module Ed25519
+      # Private key for producing digital signatures using the Ed25519 algorithm.
+      # Ed25519 provides a 128-bit security level, that is to say, all known attacks
+      # take at least 2^128 operations, providing the same security level as
+      # AES-128, NIST P-256, and RSA-3072.
+      #
+      # Signing keys are produced from a 32-byte (256-bit) random seed value.
+      # This value can be passed into the SigningKey constructor as a String
+      # whose bytesize is 32.
+      #
+      # The public VerifyKey can be computed from the private 32-byte seed value
+      # as well, eliminating the need to store a "keypair".
+      #
+      # SigningKey produces 64-byte (512-bit) signatures. The signatures are
+      # deterministic: signing the same message will always produce the same
+      # signature. This prevents "entropy failure" seen in other signature
+      # algorithms like DSA and ECDSA, where poor random number generators can
+      # leak enough information to recover the private key.
+      class SigningKey
+        include KeyComparator
+        include Serializable
+
+        extend  Sodium
+
+        sodium_type      :sign
+        sodium_primitive :ed25519
+
+        sodium_function  :sign_ed25519,
+                         :crypto_sign_ed25519,
+                         [:pointer, :pointer, :pointer, :ulong_long, :pointer]
+
+        sodium_function  :sign_ed25519_seed_keypair,
+                         :crypto_sign_ed25519_seed_keypair,
+                         [:pointer, :pointer, :pointer]
+
+        attr_reader :verify_key
+
+        # Generate a random SigningKey
+        #
+        # @return [RbNaCl::SigningKey] Freshly-generated random SigningKey
+        def self.generate
+          new RbNaCl::Random.random_bytes(Ed25519::SEEDBYTES)
+        end
+
+        # Create a SigningKey from a seed value
+        #
+        # @param seed [String] Random 32-byte value (i.e. private key)
+        #
+        # @return [RbNaCl::SigningKey] Key which can sign messages
+        def initialize(seed)
+          seed = seed.to_s
+
+          Util.check_length(seed, Ed25519::SEEDBYTES, "seed")
+
+          pk = Util.zeros(Ed25519::VERIFYKEYBYTES)
+          sk = Util.zeros(Ed25519::SIGNINGKEYBYTES)
+
+          self.class.sign_ed25519_seed_keypair(pk, sk, seed) || raise(CryptoError, "Failed to generate a key pair")
+
+          @seed, @signing_key = seed, sk
+          @verify_key = VerifyKey.new(pk)
+        end
+
+        # Sign a message using this key
+        #
+        # @param message [String] Message to be signed by this key
+        #
+        # @return [String] Signature as bytes
+        def sign(message)
+          buffer = Util.prepend_zeros(signature_bytes, message)
+          buffer_len = Util.zeros(FFI::Type::LONG_LONG.size)
+
+          self.class.sign_ed25519(buffer, buffer_len, message, message.bytesize, @signing_key)
+
+          buffer[0, signature_bytes]
+        end
+
+        # Return the raw seed value of this key
+        #
+        # @return [String] seed used to create this key
+        def to_bytes; @seed; end
+
+        # The crypto primitive this SigningKey class uses for signatures
+        #
+        # @return [Symbol] The primitive
+        def primitive; self.class.primitive; end
+
+        # The size of signatures generated by the SigningKey class
+        #
+        # @return [Integer] The number of bytes in a signature
+        def self.signature_bytes; Ed25519::SIGNATUREBYTES; end
+
+        # The size of signatures generated by the SigningKey instance
+        #
+        # @return [Integer] The number of bytes in a signature
+        def signature_bytes; Ed25519::SIGNATUREBYTES; end
+
+      end
+    end
+  end
+end

data/lib/rbnacl/signatures/ed25519/verify_key.rb

@@ -0,0 +1,91 @@
+# encoding: binary
+module RbNaCl
+  module Signatures
+    module Ed25519
+      # The public key counterpart to an Ed25519 SigningKey for producing digital
+      # signatures. Like the name says, VerifyKeys can be used to verify that a
+      # given digital signature is authentic.
+      #
+      # For more information on the Ed25519 digital signature system, please see
+      # the SigningKey documentation.
+      class VerifyKey
+        include KeyComparator
+        include Serializable
+
+        extend  Sodium
+
+        sodium_type      :sign
+        sodium_primitive :ed25519
+
+        sodium_function  :sign_ed25519_open,
+                         :crypto_sign_ed25519_open,
+                         [:pointer, :pointer, :pointer, :ulong_long, :pointer]
+
+        # Create a new VerifyKey object from a public key.
+        #
+        # @param key [String] Ed25519 public key
+        #
+        # @return [RbNaCl::VerifyKey] Key which can verify messages
+        def initialize(key)
+          @key = key.to_str
+          Util.check_length(@key, Ed25519::VERIFYKEYBYTES, "key")
+        end
+
+        # Verify a signature for a given message
+        #
+        # @param signature [String] Alleged signature to be checked
+        # @param message [String] Message to be authenticated
+        #
+        # @return [Boolean] was the signature authentic?
+        def verify(signature, message)
+          signature = signature.to_str
+          Util.check_length(signature, signature_bytes, "signature")
+
+          sig_and_msg = signature + message
+          buffer = Util.zeros(sig_and_msg.bytesize)
+          buffer_len = Util.zeros(FFI::Type::LONG_LONG.size)
+
+          self.class.sign_ed25519_open(buffer, buffer_len, sig_and_msg, sig_and_msg.bytesize, @key)
+        end
+
+        # Verify a signature for a given message or raise exception
+        #
+        # "Dangerous" (but really safer) verify that raises an exception if a
+        # signature check fails. This is probably less likely to go unnoticed than
+        # an improperly checked verify, as you are forced to deal with the
+        # exception explicitly (and failing signature checks are certainly an
+        # exceptional condition!)
+        #
+        # The arguments are otherwise the same as the verify method.
+        #
+        # @param message [String] Message to be authenticated
+        # @param signature [String] Alleged signature to be checked
+        #
+        # @return [true] Will raise BadSignatureError if signature check fails
+        def verify!(message, signature)
+          verify(message, signature) or raise BadSignatureError, "signature was forged/corrupt"
+        end
+
+        # Return the raw key in byte format
+        #
+        # @return [String] raw key as bytes
+        def to_bytes; @key; end
+
+        # The crypto primitive this VerifyKey class uses for signatures
+        #
+        # @return [Symbol] The primitive
+        def primitive; self.class.primitive; end
+
+        # The size of signatures verified by the VerifyKey class
+        #
+        # @return [Integer] The number of bytes in a signature
+        def self.signature_bytes; Ed25519::SIGNATUREBYTES; end
+
+        # The size of signatures verified by the VerifyKey instance
+        #
+        # @return [Integer] The number of bytes in a signature
+        def signature_bytes; Ed25519::SIGNATUREBYTES; end
+      end
+    end
+  end
+end

data/lib/rbnacl/sodium.rb

@@ -0,0 +1,43 @@
+# encoding: binary
+require 'ffi'
+
+module RbNaCl
+  # Provides helpers for defining the libsodium bindings
+  module Sodium
+    def self.extended(klass)
+      klass.extend FFI::Library
+      klass.ffi_lib 'sodium'
+    end
+
+
+    def sodium_type(type = nil)
+      return @type if type.nil?
+      @type = type
+    end
+
+    def sodium_primitive(primitive = nil)
+      return @primitive if primitive.nil?
+      @primitive = primitive
+    end
+
+    def primitive
+      sodium_primitive
+    end
+
+    def sodium_constant(constant, name=constant)
+      fn = "crypto_#{sodium_type}_#{sodium_primitive}_#{constant.to_s.downcase}"
+      attach_function fn, [], :ulong_long
+      self.const_set(name, self.public_send(fn))
+    end
+
+    def sodium_function(name, function, arguments)
+      self.module_eval <<-eos, __FILE__, __LINE__ + 1
+      attach_function #{function.inspect}, #{arguments.inspect}, :int
+      def self.#{name}(*args)
+        ret = #{function}(*args)
+        ret == 0
+      end
+      eos
+    end
+  end
+end

data/lib/rbnacl/test_vectors.rb

@@ -1,5 +1,5 @@
 # encoding: binary
-module Crypto
+module RbNaCl
   # Reference library of test vectors used to verify the software is correct
   TestVectors = {
     #
@@ -50,8 +50,41 @@ module Crypto
     :sha256_message => "6162636462636465636465666465666765666768666768696768696a68696a6b" +
                        "696a6b6c6a6b6c6d6b6c6d6e6c6d6e6f6d6e6f706e6f7071",
     :sha256_digest  => "248d6a61d20638b8e5c026930c3e6039a33ce45964ff2167f6ecedd419db06c1",
+    :sha256_empty   => "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
 
     #
+    # SHA512 test vectors
+    # self-created (FIXME: find standard test vectors)
+    :sha512_message => "54686520717569636b2062726f776e20666f78206a756d7073206f7665722074" + 
+                       "6865206c617a7920646f672e",
+    :sha512_digest  => "91ea1245f20d46ae9a037a989f54f1f790f0a47607eeb8a14d12890cea77a1bb" +
+                       "c6c7ed9cf205e67b7f2b8fd4c7dfd3a7a8617e45f3c463d481c7e586c39ac1ed",
+    :sha512_empty   => "cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce" +
+                       "47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e",
+
+    # Blake2b test vectors
+    # self-created? (TODO: double check, fix)
+    :blake2b_message => "54686520717569636b2062726f776e20666f78206a756d7073206f7665722074" + 
+                        "6865206c617a7920646f67",
+    :blake2b_digest  => "a8add4bdddfd93e4877d2746e62817b116364a1fa7bc148d95090bc7333b3673" +
+                        "f82401cf7aa2e4cb1ecd90296e3f14cb5413f8ed77be73045b13914cdcd6a918",
+    :blake2b_empty   => "786a02f742015903c6c6fd852552d272912f4740e15847618a86e217f71f5419" +
+                        "d25e1031afee585313896444934eb04b903a685b1448b755d56f701afe9be2ce",
+
+    # from the Blake2 paper(?) (TODO: double check)
+    :blake2b_keyed_message => "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f" +
+                              "202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f" +
+                              "404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f" +
+                              "606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f" +
+                              "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f" +
+                              "a0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebf" +
+                              "c0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedf" +
+                              "e0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfe",
+    :blake2b_key           => "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f" +
+                              "202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f",
+    :blake2b_keyed_digest  => "142709d62e28fcccd0af97fad0f8465b971e82201dc51070faa0372aa43e9248" +
+                              "4be1c1e73ba10906d5d1853db6a4106e0a7bf9800d373d6dee2d46d62ef2a461",
+
     # Auth test vectors
     # Taken from NaCl distribution
     #

data/lib/rbnacl/util.rb

@@ -1,7 +1,13 @@
 # encoding: binary
-module Crypto
+module RbNaCl
   # Various utility functions
   module Util
+    extend Sodium
+
+    attach_function :sodium_version_string, [], :string
+
+    sodium_function :c_verify16, :crypto_verify_16, [:pointer, :pointer]
+    sodium_function :c_verify32, :crypto_verify_32, [:pointer, :pointer]
     module_function
     # Returns a string of n zeros
     #
@@ -46,7 +52,7 @@ module Crypto
     # In several places through the codebase we have to be VERY strict with
     # what length of string we accept.  This method supports that.
     #
-    # @raise [Crypto::LengthError] If the string is not the right length
+    # @raise [RbNaCl::LengthError] If the string is not the right length
     #
     # @param string [String] The string to compare
     # @param length [Integer] The desired length
@@ -57,7 +63,7 @@ module Crypto
           "#{description} was nil (Expected #{length.to_int})",
           caller
       end
-      
+
       if string.bytesize != length.to_int
         raise LengthError,
               "#{description} was #{string.bytesize} bytes (Expected #{length.to_int})",
@@ -66,6 +72,27 @@ module Crypto
       true
     end
 
+    # Check a passed in string, converting the argument if necessary
+    #
+    # In several places through the codebase we have to be VERY strict with
+    # the strings we accept.  This method supports that.
+    #
+    # @raise [ArgumentError] If we cannot convert to a string with #to_str
+    # @raise [RbNaCl::LengthError] If the string is not the right length
+    #
+    # @param string [#to_str] The input string
+    # @param length [Integer] The only acceptable length of the string
+    # @param description [String] Description of the string (used in the error)
+    def check_string(string, length, description)
+      unless string.respond_to? :to_str
+        raise TypeError, "can't convert #{string.class} into String with #to_str"
+      end
+
+      string = string.to_str
+      check_length(string, length, description)
+
+      string
+    end
 
     # Compare two 32 byte strings in constant time
     #
@@ -79,7 +106,7 @@ module Crypto
     # @return [Boolean] Well, are they equal?
     def verify32(one, two)
       return false unless two.bytesize == 32 && one.bytesize == 32
-      NaCl.crypto_verify_32(one, two)
+      c_verify32(one, two)
     end
 
     # Compare two 32 byte strings in constant time
@@ -97,7 +124,7 @@ module Crypto
     def verify32!(one, two)
       check_length(one, 32, "First message")
       check_length(two, 32, "Second message")
-      NaCl.crypto_verify_32(one, two)
+      c_verify32(one, two)
     end
 
     # Compare two 16 byte strings in constant time
@@ -112,7 +139,7 @@ module Crypto
     # @return [Boolean] Well, are they equal?
     def verify16(one, two)
       return false unless two.bytesize == 16 && one.bytesize == 16
-      NaCl.crypto_verify_16(one, two)
+      c_verify16(one, two)
     end
 
     # Compare two 16 byte strings in constant time
@@ -130,7 +157,25 @@ module Crypto
     def verify16!(one, two)
       check_length(one, 16, "First message")
       check_length(two, 16, "Second message")
-      NaCl.crypto_verify_16(one, two)
+      c_verify16(one, two)
+    end
+
+    # Hex encodes a message
+    #
+    # @param [String] bytes The bytes to encode
+    #
+    # @return [String] Tasty, tasty hexadecimal
+    def bin2hex(bytes)
+      bytes.to_s.unpack("H*").first
+    end
+
+    # Hex decodes a message
+    #
+    # @param [String] hex hex to decode.
+    #
+    # @return [String] crisp and clean bytes
+    def hex2bin(hex)
+      [hex.to_s].pack("H*")
     end
   end
 end

data/lib/rbnacl/version.rb

@@ -1,5 +1,5 @@
 # encoding: binary
-module Crypto
+module RbNaCl
   # The library's version
-  VERSION = "1.1.0"
+  VERSION = "2.0.0.pre"
 end