rbnacl 1.1.0 → 2.0.0.pre
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.travis.yml +1 -5
- data/CHANGES.md +15 -0
- data/Gemfile +4 -1
- data/Guardfile +8 -0
- data/README.md +52 -3
- data/lib/rbnacl.rb +65 -29
- data/lib/rbnacl/auth.rb +14 -18
- data/lib/rbnacl/boxes/curve25519xsalsa20poly1305.rb +185 -0
- data/lib/rbnacl/{keys → boxes/curve25519xsalsa20poly1305}/private_key.rb +26 -23
- data/lib/rbnacl/{keys → boxes/curve25519xsalsa20poly1305}/public_key.rb +13 -12
- data/lib/rbnacl/group_elements/curve25519.rb +81 -0
- data/lib/rbnacl/hash.rb +30 -14
- data/lib/rbnacl/hash/blake2b.rb +57 -0
- data/lib/rbnacl/hash/sha256.rb +15 -0
- data/lib/rbnacl/hash/sha512.rb +15 -0
- data/lib/rbnacl/hmac/sha256.rb +19 -17
- data/lib/rbnacl/hmac/sha512256.rb +18 -19
- data/lib/rbnacl/init.rb +10 -0
- data/lib/rbnacl/{keys/key_comparator.rb → key_comparator.rb} +1 -1
- data/lib/rbnacl/{auth/one_time.rb → one_time_auths/poly1305.rb} +21 -19
- data/lib/rbnacl/rake_tasks.rb +7 -6
- data/lib/rbnacl/random.rb +8 -3
- data/lib/rbnacl/random_nonce_box.rb +9 -14
- data/lib/rbnacl/secret_boxes/xsalsa20poly1305.rb +125 -0
- data/lib/rbnacl/self_test.rb +59 -40
- data/lib/rbnacl/serializable.rb +4 -12
- data/lib/rbnacl/signatures/ed25519.rb +15 -0
- data/lib/rbnacl/signatures/ed25519/signing_key.rb +104 -0
- data/lib/rbnacl/signatures/ed25519/verify_key.rb +91 -0
- data/lib/rbnacl/sodium.rb +43 -0
- data/lib/rbnacl/test_vectors.rb +34 -1
- data/lib/rbnacl/util.rb +52 -7
- data/lib/rbnacl/version.rb +2 -2
- data/rbnacl.gemspec +3 -6
- data/spec/rbnacl/{auth/one_time_spec.rb → authenticators/poly1305_spec.rb} +2 -2
- data/spec/rbnacl/boxes/curve25519xsalsa20poly1305/private_key_spec.rb +65 -0
- data/spec/rbnacl/{keys → boxes/curve25519xsalsa20poly1305}/public_key_spec.rb +10 -13
- data/spec/rbnacl/boxes/curve25519xsalsa20poly1305_spec.rb +39 -0
- data/spec/rbnacl/{point_spec.rb → group_element_spec.rb} +6 -8
- data/spec/rbnacl/hash/blake2b_spec.rb +26 -0
- data/spec/rbnacl/hash_spec.rb +13 -33
- data/spec/rbnacl/hmac/sha256_spec.rb +2 -2
- data/spec/rbnacl/hmac/sha512256_spec.rb +2 -2
- data/spec/rbnacl/random_nonce_box_spec.rb +21 -26
- data/spec/rbnacl/random_spec.rb +3 -3
- data/spec/rbnacl/secret_box_spec.rb +6 -6
- data/spec/rbnacl/signatures/ed25519/signing_key_spec.rb +30 -0
- data/spec/rbnacl/signatures/ed25519/verify_key_spec.rb +39 -0
- data/spec/rbnacl/util_spec.rb +67 -53
- data/spec/shared/authenticator.rb +36 -54
- data/spec/shared/box.rb +10 -10
- data/spec/shared/key_equality.rb +3 -3
- data/spec/shared/serializable.rb +17 -0
- data/spec/spec_helper.rb +14 -16
- data/tasks/rspec.rake +1 -0
- metadata +42 -67
- checksums.yaml.gz.sig +0 -0
- data.tar.gz.sig +0 -3
- data/lib/rbnacl/box.rb +0 -171
- data/lib/rbnacl/encoder.rb +0 -44
- data/lib/rbnacl/encoders/base32.rb +0 -33
- data/lib/rbnacl/encoders/base64.rb +0 -30
- data/lib/rbnacl/encoders/hex.rb +0 -30
- data/lib/rbnacl/encoders/raw.rb +0 -12
- data/lib/rbnacl/keys/signing_key.rb +0 -95
- data/lib/rbnacl/keys/verify_key.rb +0 -96
- data/lib/rbnacl/nacl.rb +0 -146
- data/lib/rbnacl/point.rb +0 -70
- data/lib/rbnacl/secret_box.rb +0 -119
- data/spec/rbnacl/box_spec.rb +0 -42
- data/spec/rbnacl/encoder_spec.rb +0 -14
- data/spec/rbnacl/encoders/base32_spec.rb +0 -16
- data/spec/rbnacl/encoders/base64_spec.rb +0 -15
- data/spec/rbnacl/encoders/hex_spec.rb +0 -15
- data/spec/rbnacl/keys/private_key_spec.rb +0 -68
- data/spec/rbnacl/keys/signing_key_spec.rb +0 -39
- data/spec/rbnacl/keys/verify_key_spec.rb +0 -51
- metadata.gz.sig +0 -2
@@ -0,0 +1,30 @@
|
|
1
|
+
# encoding: binary
|
2
|
+
require 'spec_helper'
|
3
|
+
|
4
|
+
describe RbNaCl::SigningKey do
|
5
|
+
let(:signing_key) { vector :sign_private }
|
6
|
+
let(:message) { vector :sign_message }
|
7
|
+
let(:signature) { vector :sign_signature }
|
8
|
+
|
9
|
+
subject { described_class.new(signing_key) }
|
10
|
+
|
11
|
+
it "generates keys" do
|
12
|
+
described_class.generate.should be_a described_class
|
13
|
+
end
|
14
|
+
|
15
|
+
it "signs messages as bytes" do
|
16
|
+
subject.sign(message).should eq signature
|
17
|
+
end
|
18
|
+
|
19
|
+
it "serializes to bytes" do
|
20
|
+
subject.to_bytes.should eq signing_key
|
21
|
+
end
|
22
|
+
|
23
|
+
include_examples "key equality" do
|
24
|
+
let(:key_bytes) { signing_key }
|
25
|
+
let(:key) { described_class.new(key_bytes) }
|
26
|
+
let(:other_key) { described_class.new("B"*32) }
|
27
|
+
end
|
28
|
+
|
29
|
+
include_examples "serializable"
|
30
|
+
end
|
@@ -0,0 +1,39 @@
|
|
1
|
+
# encoding: binary
|
2
|
+
describe RbNaCl::VerifyKey do
|
3
|
+
let(:signing_key) { vector :sign_private }
|
4
|
+
let(:verify_key) { vector :sign_public }
|
5
|
+
|
6
|
+
let(:message) { vector :sign_message }
|
7
|
+
let(:signature) { vector :sign_signature }
|
8
|
+
let(:bad_signature) { sig = signature.dup; sig[0] = (sig[0].ord + 1).chr; sig }
|
9
|
+
|
10
|
+
subject { RbNaCl::SigningKey.new(signing_key).verify_key }
|
11
|
+
|
12
|
+
it "verifies correct signatures" do
|
13
|
+
subject.verify(signature, message).should be_true
|
14
|
+
end
|
15
|
+
|
16
|
+
it "detects bad signatures" do
|
17
|
+
subject.verify(bad_signature, message).should be_false
|
18
|
+
end
|
19
|
+
|
20
|
+
it "raises when asked to verify with a bang" do
|
21
|
+
expect { subject.verify!(bad_signature, message) }.to raise_exception RbNaCl::BadSignatureError
|
22
|
+
end
|
23
|
+
|
24
|
+
it "serializes to bytes" do
|
25
|
+
subject.to_bytes.should eq verify_key
|
26
|
+
end
|
27
|
+
|
28
|
+
it "initializes from bytes" do
|
29
|
+
described_class.new(verify_key).to_s.should eq verify_key
|
30
|
+
end
|
31
|
+
|
32
|
+
include_examples "key equality" do
|
33
|
+
let(:key_bytes) { verify_key }
|
34
|
+
let(:key) { described_class.new(verify_key) }
|
35
|
+
let(:other_key) { described_class.new("B"*32) }
|
36
|
+
end
|
37
|
+
|
38
|
+
include_examples "serializable"
|
39
|
+
end
|
data/spec/rbnacl/util_spec.rb
CHANGED
@@ -1,119 +1,133 @@
|
|
1
1
|
# encoding: binary
|
2
|
-
describe
|
2
|
+
describe RbNaCl::Util do
|
3
3
|
context ".verify32!" do
|
4
|
-
let (:msg) {
|
5
|
-
let (:identical_msg) {
|
6
|
-
let (:other_msg) {
|
7
|
-
let (:short_msg) {
|
8
|
-
let (:long_msg) {
|
4
|
+
let (:msg) { RbNaCl::Util.zeros(32) }
|
5
|
+
let (:identical_msg) { RbNaCl::Util.zeros(32) }
|
6
|
+
let (:other_msg) { RbNaCl::Util.zeros(31) + "\001" }
|
7
|
+
let (:short_msg) { RbNaCl::Util.zeros(31) }
|
8
|
+
let (:long_msg) { RbNaCl::Util.zeros(33) }
|
9
9
|
|
10
10
|
it "confirms identical messages are identical" do
|
11
|
-
|
11
|
+
RbNaCl::Util.verify32!(msg, identical_msg).should be true
|
12
12
|
end
|
13
13
|
|
14
14
|
it "confirms non-identical messages are non-identical" do
|
15
|
-
|
16
|
-
|
15
|
+
RbNaCl::Util.verify32!(msg, other_msg).should be false
|
16
|
+
RbNaCl::Util.verify32!(other_msg, msg).should be false
|
17
17
|
end
|
18
18
|
|
19
19
|
it "raises descriptively on a short message in position 1" do
|
20
|
-
expect {
|
20
|
+
expect { RbNaCl::Util.verify32!(short_msg, msg) }.to raise_error(RbNaCl::LengthError)
|
21
21
|
end
|
22
22
|
it "raises descriptively on a short message in position 2" do
|
23
|
-
expect {
|
23
|
+
expect { RbNaCl::Util.verify32!(msg, short_msg) }.to raise_error(RbNaCl::LengthError)
|
24
24
|
end
|
25
25
|
it "raises descriptively on a long message in position 1" do
|
26
|
-
expect {
|
26
|
+
expect { RbNaCl::Util.verify32!(long_msg, msg) }.to raise_error(RbNaCl::LengthError)
|
27
27
|
end
|
28
28
|
it "raises descriptively on a long message in position 2" do
|
29
|
-
expect {
|
29
|
+
expect { RbNaCl::Util.verify32!(msg, long_msg) }.to raise_error(RbNaCl::LengthError)
|
30
30
|
end
|
31
31
|
end
|
32
32
|
|
33
33
|
context ".verify32" do
|
34
|
-
let (:msg) {
|
35
|
-
let (:identical_msg) {
|
36
|
-
let (:other_msg) {
|
37
|
-
let (:short_msg) {
|
38
|
-
let (:long_msg) {
|
34
|
+
let (:msg) { RbNaCl::Util.zeros(32) }
|
35
|
+
let (:identical_msg) { RbNaCl::Util.zeros(32) }
|
36
|
+
let (:other_msg) { RbNaCl::Util.zeros(31) + "\001" }
|
37
|
+
let (:short_msg) { RbNaCl::Util.zeros(31) }
|
38
|
+
let (:long_msg) { RbNaCl::Util.zeros(33) }
|
39
39
|
|
40
40
|
it "confirms identical messages are identical" do
|
41
|
-
|
41
|
+
RbNaCl::Util.verify32(msg, identical_msg).should be true
|
42
42
|
end
|
43
43
|
|
44
44
|
it "confirms non-identical messages are non-identical" do
|
45
|
-
|
46
|
-
|
47
|
-
|
48
|
-
|
49
|
-
|
50
|
-
|
45
|
+
RbNaCl::Util.verify32(msg, other_msg).should be false
|
46
|
+
RbNaCl::Util.verify32(other_msg, msg).should be false
|
47
|
+
RbNaCl::Util.verify32(short_msg, msg).should be false
|
48
|
+
RbNaCl::Util.verify32(msg, short_msg).should be false
|
49
|
+
RbNaCl::Util.verify32(long_msg, msg).should be false
|
50
|
+
RbNaCl::Util.verify32(msg, long_msg).should be false
|
51
51
|
end
|
52
52
|
|
53
53
|
end
|
54
54
|
|
55
55
|
context ".verify16!" do
|
56
|
-
let (:msg) {
|
57
|
-
let (:identical_msg) {
|
58
|
-
let (:other_msg) {
|
59
|
-
let (:short_msg) {
|
60
|
-
let (:long_msg) {
|
56
|
+
let (:msg) { RbNaCl::Util.zeros(16) }
|
57
|
+
let (:identical_msg) { RbNaCl::Util.zeros(16) }
|
58
|
+
let (:other_msg) { RbNaCl::Util.zeros(15) + "\001" }
|
59
|
+
let (:short_msg) { RbNaCl::Util.zeros(15) }
|
60
|
+
let (:long_msg) { RbNaCl::Util.zeros(17) }
|
61
61
|
|
62
62
|
it "confirms identical messages are identical" do
|
63
|
-
|
63
|
+
RbNaCl::Util.verify16!(msg, identical_msg).should be true
|
64
64
|
end
|
65
65
|
|
66
66
|
it "confirms non-identical messages are non-identical" do
|
67
|
-
|
68
|
-
|
67
|
+
RbNaCl::Util.verify16!(msg, other_msg).should be false
|
68
|
+
RbNaCl::Util.verify16!(other_msg, msg).should be false
|
69
69
|
end
|
70
70
|
|
71
71
|
it "raises descriptively on a short message in position 1" do
|
72
|
-
expect {
|
72
|
+
expect { RbNaCl::Util.verify16!(short_msg, msg) }.to raise_error(RbNaCl::LengthError)
|
73
73
|
end
|
74
74
|
it "raises descriptively on a short message in position 2" do
|
75
|
-
expect {
|
75
|
+
expect { RbNaCl::Util.verify16!(msg, short_msg) }.to raise_error(RbNaCl::LengthError)
|
76
76
|
end
|
77
77
|
it "raises descriptively on a long message in position 1" do
|
78
|
-
expect {
|
78
|
+
expect { RbNaCl::Util.verify16!(long_msg, msg) }.to raise_error(RbNaCl::LengthError)
|
79
79
|
end
|
80
80
|
it "raises descriptively on a long message in position 2" do
|
81
|
-
expect {
|
81
|
+
expect { RbNaCl::Util.verify16!(msg, long_msg) }.to raise_error(RbNaCl::LengthError)
|
82
82
|
end
|
83
83
|
end
|
84
84
|
|
85
85
|
context ".verify16" do
|
86
|
-
let (:msg) {
|
87
|
-
let (:identical_msg) {
|
88
|
-
let (:other_msg) {
|
89
|
-
let (:short_msg) {
|
90
|
-
let (:long_msg) {
|
86
|
+
let (:msg) { RbNaCl::Util.zeros(16) }
|
87
|
+
let (:identical_msg) { RbNaCl::Util.zeros(16) }
|
88
|
+
let (:other_msg) { RbNaCl::Util.zeros(15) + "\001" }
|
89
|
+
let (:short_msg) { RbNaCl::Util.zeros(15) }
|
90
|
+
let (:long_msg) { RbNaCl::Util.zeros(17) }
|
91
91
|
|
92
92
|
it "confirms identical messages are identical" do
|
93
|
-
|
93
|
+
RbNaCl::Util.verify16(msg, identical_msg).should be true
|
94
94
|
end
|
95
95
|
|
96
96
|
it "confirms non-identical messages are non-identical" do
|
97
|
-
|
98
|
-
|
99
|
-
|
100
|
-
|
101
|
-
|
102
|
-
|
97
|
+
RbNaCl::Util.verify16(msg, other_msg).should be false
|
98
|
+
RbNaCl::Util.verify16(other_msg, msg).should be false
|
99
|
+
RbNaCl::Util.verify16(short_msg, msg).should be false
|
100
|
+
RbNaCl::Util.verify16(msg, short_msg).should be false
|
101
|
+
RbNaCl::Util.verify16(long_msg, msg).should be false
|
102
|
+
RbNaCl::Util.verify16(msg, long_msg).should be false
|
103
103
|
end
|
104
104
|
end
|
105
|
+
|
105
106
|
context "check_length" do
|
106
107
|
it "accepts strings of the correct length" do
|
107
|
-
expect {
|
108
|
+
expect { RbNaCl::Util.check_length("A"*4, 4, "Test String") }.not_to raise_error
|
108
109
|
end
|
109
110
|
it "rejects strings which are too short" do
|
110
|
-
expect {
|
111
|
+
expect { RbNaCl::Util.check_length("A"*3, 4, "Test String") }.to raise_error(RbNaCl::LengthError, "Test String was 3 bytes (Expected 4)")
|
111
112
|
end
|
112
113
|
it "rejects strings which are too long" do
|
113
|
-
expect {
|
114
|
+
expect { RbNaCl::Util.check_length("A"*5, 4, "Test String") }.to raise_error(RbNaCl::LengthError, "Test String was 5 bytes (Expected 4)")
|
114
115
|
end
|
115
116
|
it "rejects nil strings" do
|
116
|
-
expect {
|
117
|
+
expect { RbNaCl::Util.check_length(nil, 4, "Test String") }.to raise_error(RbNaCl::LengthError, "Test String was nil (Expected 4)")
|
118
|
+
end
|
119
|
+
end
|
120
|
+
|
121
|
+
context "hex encoding" do
|
122
|
+
let (:bytes) { [0xDE,0xAD,0xBE,0xEF].pack('c*') }
|
123
|
+
let (:hex) { "deadbeef" }
|
124
|
+
|
125
|
+
it "encodes to hex with bin2hex" do
|
126
|
+
RbNaCl::Util.bin2hex(bytes).should eq hex
|
127
|
+
end
|
128
|
+
|
129
|
+
it "decodes from hex with hex2bin" do
|
130
|
+
RbNaCl::Util.hex2bin(hex).should eq bytes
|
117
131
|
end
|
118
132
|
end
|
119
133
|
end
|
@@ -1,29 +1,27 @@
|
|
1
1
|
# encoding: binary
|
2
2
|
shared_examples "authenticator" do
|
3
|
-
let (:
|
4
|
-
let (:
|
5
|
-
let (:message) { test_vector :auth_message }
|
6
|
-
let (:tag) { hex2bytes hex_tag }
|
3
|
+
let (:key) { vector :auth_key }
|
4
|
+
let (:message) { vector :auth_message }
|
7
5
|
|
8
6
|
context ".new" do
|
9
7
|
it "accepts a key" do
|
10
|
-
expect { described_class.new(key)
|
8
|
+
expect { described_class.new(key) }.to_not raise_error(ArgumentError)
|
11
9
|
end
|
12
10
|
|
13
11
|
it "requires a key" do
|
14
|
-
expect { described_class.new
|
12
|
+
expect { described_class.new }.to raise_error(ArgumentError)
|
15
13
|
end
|
16
14
|
|
17
|
-
it "raises on a nil key" do
|
18
|
-
expect { described_class.new(nil)
|
15
|
+
it "raises TypeError on a nil key" do
|
16
|
+
expect { described_class.new(nil) }.to raise_error(TypeError)
|
19
17
|
end
|
20
18
|
|
21
|
-
it "raises on a key which is too long" do
|
22
|
-
expect { described_class.new("\0"*33)
|
19
|
+
it "raises ArgumentError on a key which is too long" do
|
20
|
+
expect { described_class.new("\0"*33) }.to raise_error(ArgumentError)
|
23
21
|
end
|
24
22
|
|
25
|
-
it "raises on a key which is too short" do
|
26
|
-
expect { described_class.new("\0"*31)
|
23
|
+
it "raises ArgumentError on a key which is too short" do
|
24
|
+
expect { described_class.new("\0"*31) }.to raise_error(ArgumentError)
|
27
25
|
end
|
28
26
|
end
|
29
27
|
|
@@ -32,36 +30,38 @@ shared_examples "authenticator" do
|
|
32
30
|
described_class.auth(key, message).should eq tag
|
33
31
|
end
|
34
32
|
|
35
|
-
it "raises on a nil key" do
|
36
|
-
expect { described_class.auth(nil, message)
|
33
|
+
it "raises TypeError on a nil key" do
|
34
|
+
expect { described_class.auth(nil, message) }.to raise_error(TypeError)
|
37
35
|
end
|
38
36
|
|
39
|
-
it "raises on a key which is too long" do
|
40
|
-
expect { described_class.auth("\0"*33, message)
|
37
|
+
it "raises ArgumentError on a key which is too long" do
|
38
|
+
expect { described_class.auth("\0"*33, message) }.to raise_error(ArgumentError)
|
41
39
|
end
|
42
40
|
end
|
43
41
|
|
44
42
|
context ".verify" do
|
45
43
|
it "verify an authenticator" do
|
46
|
-
described_class.verify(key,
|
44
|
+
described_class.verify(key, tag, message).should eq true
|
47
45
|
end
|
48
46
|
|
49
|
-
it "raises on a nil key" do
|
50
|
-
expect { described_class.verify(nil,
|
47
|
+
it "raises TypeError on a nil key" do
|
48
|
+
expect { described_class.verify(nil, tag, message) }.to raise_error(TypeError)
|
51
49
|
end
|
52
50
|
|
53
|
-
it "raises on a key which is too long" do
|
54
|
-
expect { described_class.verify("\0"*33,
|
51
|
+
it "raises ArgumentError on a key which is too long" do
|
52
|
+
expect { described_class.verify("\0"*33, tag, message) }.to raise_error(ArgumentError)
|
55
53
|
end
|
56
54
|
|
57
55
|
it "fails to validate an invalid authenticator" do
|
58
|
-
described_class.verify(key, message+"\0"
|
56
|
+
described_class.verify(key, tag, message+"\0").should be false
|
59
57
|
end
|
58
|
+
|
60
59
|
it "fails to validate a short authenticator" do
|
61
|
-
described_class.verify(key,
|
60
|
+
described_class.verify(key, tag[0,tag.bytesize - 2], message).should be false
|
62
61
|
end
|
62
|
+
|
63
63
|
it "fails to validate a long authenticator" do
|
64
|
-
described_class.verify(key,
|
64
|
+
described_class.verify(key, tag+"\0", message).should be false
|
65
65
|
end
|
66
66
|
end
|
67
67
|
|
@@ -73,41 +73,23 @@ shared_examples "authenticator" do
|
|
73
73
|
it "produces an authenticator" do
|
74
74
|
authenticator.auth(message).should eq tag
|
75
75
|
end
|
76
|
-
|
77
|
-
it "produces a hex encoded authenticator" do
|
78
|
-
authenticator.auth(message, :hex).should eq hex_tag
|
79
|
-
end
|
80
76
|
end
|
81
77
|
|
82
78
|
context "#verify" do
|
83
|
-
|
84
|
-
|
85
|
-
|
86
|
-
|
87
|
-
|
88
|
-
|
89
|
-
|
90
|
-
|
91
|
-
|
92
|
-
|
93
|
-
it "fails to validate a long authenticator" do
|
94
|
-
authenticator.verify(tag+"\0", message).should be false
|
95
|
-
end
|
79
|
+
it "verifies an authenticator" do
|
80
|
+
authenticator.verify(tag, message).should be true
|
81
|
+
end
|
82
|
+
|
83
|
+
it "fails to validate an invalid authenticator" do
|
84
|
+
authenticator.verify(tag, message+"\0").should be false
|
85
|
+
end
|
86
|
+
|
87
|
+
it "fails to validate a short authenticator" do
|
88
|
+
authenticator.verify(tag[0,tag.bytesize - 2], message).should be false
|
96
89
|
end
|
97
90
|
|
98
|
-
|
99
|
-
|
100
|
-
authenticator.verify(message, hex_tag, :hex).should be true
|
101
|
-
end
|
102
|
-
it "fails to validate an invalid authenticator" do
|
103
|
-
authenticator.verify(message+"\0", hex_tag , :hex).should be false
|
104
|
-
end
|
105
|
-
it "fails to validate a short authenticator" do
|
106
|
-
authenticator.verify( message, hex_tag[0,hex_tag.bytesize - 2], :hex).should be false
|
107
|
-
end
|
108
|
-
it "fails to validate a long authenticator" do
|
109
|
-
authenticator.verify(message, hex_tag+"00", :hex).should be false
|
110
|
-
end
|
91
|
+
it "fails to validate a long authenticator" do
|
92
|
+
authenticator.verify(tag+"\0", message).should be false
|
111
93
|
end
|
112
94
|
end
|
113
95
|
end
|
data/spec/shared/box.rb
CHANGED
@@ -3,12 +3,12 @@
|
|
3
3
|
require 'spec_helper'
|
4
4
|
|
5
5
|
shared_examples "box" do
|
6
|
-
let(:nonce) {
|
6
|
+
let(:nonce) { vector :box_nonce }
|
7
7
|
let(:invalid_nonce) { nonce[0,12] } # too short!
|
8
8
|
let(:invalid_nonce_long) { nonce + nonce } # too long!
|
9
|
-
let(:message) {
|
10
|
-
let(:ciphertext) {
|
11
|
-
let (:nonce_error_regex) { /Nonce.*(Expected #{
|
9
|
+
let(:message) { vector :box_message }
|
10
|
+
let(:ciphertext) { vector :box_ciphertext }
|
11
|
+
let (:nonce_error_regex) { /Nonce.*(Expected #{box.nonce_bytes})/ }
|
12
12
|
let(:corrupt_ciphertext) { ciphertext[80] = " " } # picked at random by fair diceroll
|
13
13
|
|
14
14
|
context "box" do
|
@@ -18,11 +18,11 @@ shared_examples "box" do
|
|
18
18
|
end
|
19
19
|
|
20
20
|
it "raises on a short nonce" do
|
21
|
-
expect { box.box(invalid_nonce, message) }.to raise_error(
|
21
|
+
expect { box.box(invalid_nonce, message) }.to raise_error(RbNaCl::LengthError, nonce_error_regex)
|
22
22
|
end
|
23
23
|
|
24
24
|
it "raises on a long nonce" do
|
25
|
-
expect { box.box(invalid_nonce_long, message) }.to raise_error(
|
25
|
+
expect { box.box(invalid_nonce_long, message) }.to raise_error(RbNaCl::LengthError, nonce_error_regex)
|
26
26
|
end
|
27
27
|
end
|
28
28
|
|
@@ -33,19 +33,19 @@ shared_examples "box" do
|
|
33
33
|
end
|
34
34
|
|
35
35
|
it "raises on a truncated message to decrypt" do
|
36
|
-
expect { box.open(nonce, ciphertext[0, 64]) }.to raise_error(
|
36
|
+
expect { box.open(nonce, ciphertext[0, 64]) }.to raise_error(RbNaCl::CryptoError, /Decryption failed. Ciphertext failed verification./)
|
37
37
|
end
|
38
38
|
|
39
39
|
it "raises on a corrupt ciphertext" do
|
40
|
-
expect { box.open(nonce, corrupt_ciphertext) }.to raise_error(
|
40
|
+
expect { box.open(nonce, corrupt_ciphertext) }.to raise_error(RbNaCl::CryptoError, /Decryption failed. Ciphertext failed verification./)
|
41
41
|
end
|
42
42
|
|
43
43
|
it "raises on a short nonce" do
|
44
|
-
expect { box.open(invalid_nonce, message) }.to raise_error(
|
44
|
+
expect { box.open(invalid_nonce, message) }.to raise_error(RbNaCl::LengthError, nonce_error_regex)
|
45
45
|
end
|
46
46
|
|
47
47
|
it "raises on a long nonce" do
|
48
|
-
expect { box.open(invalid_nonce_long, message) }.to raise_error(
|
48
|
+
expect { box.open(invalid_nonce_long, message) }.to raise_error(RbNaCl::LengthError, nonce_error_regex)
|
49
49
|
end
|
50
50
|
end
|
51
51
|
end
|