rbnacl 1.1.0 → 2.0.0.pre

data/spec/rbnacl/signatures/ed25519/signing_key_spec.rb

@@ -0,0 +1,30 @@
+# encoding: binary
+require 'spec_helper'
+
+describe RbNaCl::SigningKey do
+  let(:signing_key) { vector :sign_private }
+  let(:message)     { vector :sign_message }
+  let(:signature)   { vector :sign_signature }
+
+  subject { described_class.new(signing_key) }
+
+  it "generates keys" do
+    described_class.generate.should be_a described_class
+  end
+
+  it "signs messages as bytes" do
+    subject.sign(message).should eq signature
+  end
+
+  it "serializes to bytes" do
+    subject.to_bytes.should eq signing_key
+  end
+
+  include_examples "key equality" do
+    let(:key_bytes) { signing_key }
+    let(:key)       { described_class.new(key_bytes) }
+    let(:other_key) { described_class.new("B"*32) }
+  end
+
+  include_examples "serializable"
+end

data/spec/rbnacl/signatures/ed25519/verify_key_spec.rb

@@ -0,0 +1,39 @@
+# encoding: binary
+describe RbNaCl::VerifyKey do
+  let(:signing_key)    { vector :sign_private }
+  let(:verify_key)     { vector :sign_public }
+
+  let(:message)        { vector :sign_message }
+  let(:signature)      { vector :sign_signature }
+  let(:bad_signature)  { sig = signature.dup; sig[0] = (sig[0].ord + 1).chr; sig }
+
+  subject { RbNaCl::SigningKey.new(signing_key).verify_key }
+
+  it "verifies correct signatures" do
+    subject.verify(signature, message).should be_true
+  end
+
+  it "detects bad signatures" do
+    subject.verify(bad_signature, message).should be_false
+  end
+
+  it "raises when asked to verify with a bang" do
+    expect { subject.verify!(bad_signature, message) }.to raise_exception RbNaCl::BadSignatureError
+  end
+
+  it "serializes to bytes" do
+    subject.to_bytes.should eq verify_key
+  end
+
+  it "initializes from bytes" do
+    described_class.new(verify_key).to_s.should eq verify_key
+  end
+
+  include_examples "key equality" do
+    let(:key_bytes) { verify_key }
+    let(:key)       { described_class.new(verify_key) }
+    let(:other_key) { described_class.new("B"*32) }
+  end
+
+  include_examples "serializable"
+end

data/spec/rbnacl/util_spec.rb

@@ -1,119 +1,133 @@
 # encoding: binary
-describe Crypto::Util do
+describe RbNaCl::Util do
   context ".verify32!" do
-    let (:msg) { Crypto::Util.zeros(32) }
-    let (:identical_msg) { Crypto::Util.zeros(32) }
-    let (:other_msg) { Crypto::Util.zeros(31) + "\001" }
-    let (:short_msg) { Crypto::Util.zeros(31) }
-    let (:long_msg) { Crypto::Util.zeros(33) }
+    let (:msg) { RbNaCl::Util.zeros(32) }
+    let (:identical_msg) { RbNaCl::Util.zeros(32) }
+    let (:other_msg) { RbNaCl::Util.zeros(31) + "\001" }
+    let (:short_msg) { RbNaCl::Util.zeros(31) }
+    let (:long_msg) { RbNaCl::Util.zeros(33) }
 
     it "confirms identical messages are identical" do
-      Crypto::Util.verify32!(msg, identical_msg).should be true
+      RbNaCl::Util.verify32!(msg, identical_msg).should be true
     end
 
     it "confirms non-identical messages are non-identical" do
-      Crypto::Util.verify32!(msg, other_msg).should be false
-      Crypto::Util.verify32!(other_msg, msg).should be false
+      RbNaCl::Util.verify32!(msg, other_msg).should be false
+      RbNaCl::Util.verify32!(other_msg, msg).should be false
     end
 
     it "raises descriptively on a short message in position 1" do
-      expect { Crypto::Util.verify32!(short_msg, msg) }.to raise_error(Crypto::LengthError)
+      expect { RbNaCl::Util.verify32!(short_msg, msg) }.to raise_error(RbNaCl::LengthError)
     end
     it "raises descriptively on a short message in position 2" do
-      expect { Crypto::Util.verify32!(msg, short_msg) }.to raise_error(Crypto::LengthError)
+      expect { RbNaCl::Util.verify32!(msg, short_msg) }.to raise_error(RbNaCl::LengthError)
     end
     it "raises descriptively on a long message in position 1" do
-      expect { Crypto::Util.verify32!(long_msg, msg) }.to raise_error(Crypto::LengthError)
+      expect { RbNaCl::Util.verify32!(long_msg, msg) }.to raise_error(RbNaCl::LengthError)
     end
     it "raises descriptively on a long message in position 2" do
-      expect { Crypto::Util.verify32!(msg, long_msg) }.to raise_error(Crypto::LengthError)
+      expect { RbNaCl::Util.verify32!(msg, long_msg) }.to raise_error(RbNaCl::LengthError)
     end
   end
   
   context ".verify32" do
-    let (:msg) { Crypto::Util.zeros(32) }
-    let (:identical_msg) { Crypto::Util.zeros(32) }
-    let (:other_msg) { Crypto::Util.zeros(31) + "\001" }
-    let (:short_msg) { Crypto::Util.zeros(31) }
-    let (:long_msg) { Crypto::Util.zeros(33) }
+    let (:msg) { RbNaCl::Util.zeros(32) }
+    let (:identical_msg) { RbNaCl::Util.zeros(32) }
+    let (:other_msg) { RbNaCl::Util.zeros(31) + "\001" }
+    let (:short_msg) { RbNaCl::Util.zeros(31) }
+    let (:long_msg) { RbNaCl::Util.zeros(33) }
 
     it "confirms identical messages are identical" do
-      Crypto::Util.verify32(msg, identical_msg).should be true
+      RbNaCl::Util.verify32(msg, identical_msg).should be true
     end
 
     it "confirms non-identical messages are non-identical" do
-      Crypto::Util.verify32(msg, other_msg).should be false
-      Crypto::Util.verify32(other_msg, msg).should be false
-      Crypto::Util.verify32(short_msg, msg).should be false
-      Crypto::Util.verify32(msg, short_msg).should be false
-      Crypto::Util.verify32(long_msg, msg).should be false
-      Crypto::Util.verify32(msg, long_msg).should be false
+      RbNaCl::Util.verify32(msg, other_msg).should be false
+      RbNaCl::Util.verify32(other_msg, msg).should be false
+      RbNaCl::Util.verify32(short_msg, msg).should be false
+      RbNaCl::Util.verify32(msg, short_msg).should be false
+      RbNaCl::Util.verify32(long_msg, msg).should be false
+      RbNaCl::Util.verify32(msg, long_msg).should be false
     end
 
   end
 
   context ".verify16!" do
-    let (:msg) { Crypto::Util.zeros(16) }
-    let (:identical_msg) { Crypto::Util.zeros(16) }
-    let (:other_msg) { Crypto::Util.zeros(15) + "\001" }
-    let (:short_msg) { Crypto::Util.zeros(15) }
-    let (:long_msg) { Crypto::Util.zeros(17) }
+    let (:msg) { RbNaCl::Util.zeros(16) }
+    let (:identical_msg) { RbNaCl::Util.zeros(16) }
+    let (:other_msg) { RbNaCl::Util.zeros(15) + "\001" }
+    let (:short_msg) { RbNaCl::Util.zeros(15) }
+    let (:long_msg) { RbNaCl::Util.zeros(17) }
 
     it "confirms identical messages are identical" do
-      Crypto::Util.verify16!(msg, identical_msg).should be true
+      RbNaCl::Util.verify16!(msg, identical_msg).should be true
     end
 
     it "confirms non-identical messages are non-identical" do
-      Crypto::Util.verify16!(msg, other_msg).should be false
-      Crypto::Util.verify16!(other_msg, msg).should be false
+      RbNaCl::Util.verify16!(msg, other_msg).should be false
+      RbNaCl::Util.verify16!(other_msg, msg).should be false
     end
 
     it "raises descriptively on a short message in position 1" do
-      expect { Crypto::Util.verify16!(short_msg, msg) }.to raise_error(Crypto::LengthError)
+      expect { RbNaCl::Util.verify16!(short_msg, msg) }.to raise_error(RbNaCl::LengthError)
     end
     it "raises descriptively on a short message in position 2" do
-      expect { Crypto::Util.verify16!(msg, short_msg) }.to raise_error(Crypto::LengthError)
+      expect { RbNaCl::Util.verify16!(msg, short_msg) }.to raise_error(RbNaCl::LengthError)
     end
     it "raises descriptively on a long message in position 1" do
-      expect { Crypto::Util.verify16!(long_msg, msg) }.to raise_error(Crypto::LengthError)
+      expect { RbNaCl::Util.verify16!(long_msg, msg) }.to raise_error(RbNaCl::LengthError)
     end
     it "raises descriptively on a long message in position 2" do
-      expect { Crypto::Util.verify16!(msg, long_msg) }.to raise_error(Crypto::LengthError)
+      expect { RbNaCl::Util.verify16!(msg, long_msg) }.to raise_error(RbNaCl::LengthError)
     end
   end
   
   context ".verify16" do
-    let (:msg) { Crypto::Util.zeros(16) }
-    let (:identical_msg) { Crypto::Util.zeros(16) }
-    let (:other_msg) { Crypto::Util.zeros(15) + "\001" }
-    let (:short_msg) { Crypto::Util.zeros(15) }
-    let (:long_msg) { Crypto::Util.zeros(17) }
+    let (:msg) { RbNaCl::Util.zeros(16) }
+    let (:identical_msg) { RbNaCl::Util.zeros(16) }
+    let (:other_msg) { RbNaCl::Util.zeros(15) + "\001" }
+    let (:short_msg) { RbNaCl::Util.zeros(15) }
+    let (:long_msg) { RbNaCl::Util.zeros(17) }
 
     it "confirms identical messages are identical" do
-      Crypto::Util.verify16(msg, identical_msg).should be true
+      RbNaCl::Util.verify16(msg, identical_msg).should be true
     end
 
     it "confirms non-identical messages are non-identical" do
-      Crypto::Util.verify16(msg, other_msg).should be false
-      Crypto::Util.verify16(other_msg, msg).should be false
-      Crypto::Util.verify16(short_msg, msg).should be false
-      Crypto::Util.verify16(msg, short_msg).should be false
-      Crypto::Util.verify16(long_msg, msg).should be false
-      Crypto::Util.verify16(msg, long_msg).should be false
+      RbNaCl::Util.verify16(msg, other_msg).should be false
+      RbNaCl::Util.verify16(other_msg, msg).should be false
+      RbNaCl::Util.verify16(short_msg, msg).should be false
+      RbNaCl::Util.verify16(msg, short_msg).should be false
+      RbNaCl::Util.verify16(long_msg, msg).should be false
+      RbNaCl::Util.verify16(msg, long_msg).should be false
     end
   end
+
   context "check_length" do
     it "accepts strings of the correct length" do
-      expect { Crypto::Util.check_length("A"*4, 4, "Test String") }.not_to raise_error
+      expect { RbNaCl::Util.check_length("A"*4, 4, "Test String") }.not_to raise_error
     end
     it "rejects strings which are too short" do
-      expect { Crypto::Util.check_length("A"*3, 4, "Test String") }.to raise_error(Crypto::LengthError, "Test String was 3 bytes (Expected 4)")
+      expect { RbNaCl::Util.check_length("A"*3, 4, "Test String") }.to raise_error(RbNaCl::LengthError, "Test String was 3 bytes (Expected 4)")
     end
     it "rejects strings which are too long" do
-      expect { Crypto::Util.check_length("A"*5, 4, "Test String") }.to raise_error(Crypto::LengthError, "Test String was 5 bytes (Expected 4)")
+      expect { RbNaCl::Util.check_length("A"*5, 4, "Test String") }.to raise_error(RbNaCl::LengthError, "Test String was 5 bytes (Expected 4)")
     end
     it "rejects nil strings" do
-      expect { Crypto::Util.check_length(nil, 4, "Test String") }.to raise_error(Crypto::LengthError, "Test String was nil (Expected 4)")
+      expect { RbNaCl::Util.check_length(nil, 4, "Test String") }.to raise_error(RbNaCl::LengthError, "Test String was nil (Expected 4)")
+    end
+  end
+
+  context "hex encoding" do
+    let (:bytes) { [0xDE,0xAD,0xBE,0xEF].pack('c*') }
+    let (:hex)   { "deadbeef" }
+
+    it "encodes to hex with bin2hex" do
+      RbNaCl::Util.bin2hex(bytes).should eq hex
+    end
+
+    it "decodes from hex with hex2bin" do
+      RbNaCl::Util.hex2bin(hex).should eq bytes
     end
   end
 end

data/spec/shared/authenticator.rb

@@ -1,29 +1,27 @@
 # encoding: binary
 shared_examples "authenticator" do
-  let (:hex_key) { hex_vector  :auth_key }
-  let (:key)     { test_vector :auth_key }
-  let (:message) { test_vector :auth_message }
-  let (:tag)     { hex2bytes hex_tag  }
+  let (:key)     { vector :auth_key }
+  let (:message) { vector :auth_message }
 
   context ".new" do
     it "accepts a key" do
-      expect { described_class.new(key)  }.to_not raise_error(ArgumentError)
+      expect { described_class.new(key) }.to_not raise_error(ArgumentError)
     end
 
     it "requires a key" do
-      expect { described_class.new  }.to raise_error(ArgumentError)
+      expect { described_class.new }.to raise_error(ArgumentError)
     end
 
-    it "raises on a nil key" do
-      expect { described_class.new(nil)  }.to raise_error(ArgumentError)
+    it "raises TypeError on a nil key" do
+      expect { described_class.new(nil) }.to raise_error(TypeError)
     end
 
-    it "raises on a key which is too long" do
-      expect { described_class.new("\0"*33)  }.to raise_error(ArgumentError)
+    it "raises ArgumentError on a key which is too long" do
+      expect { described_class.new("\0"*33) }.to raise_error(ArgumentError)
     end
 
-    it "raises on a key which is too short" do
-      expect { described_class.new("\0"*31)  }.to raise_error(ArgumentError)
+    it "raises ArgumentError on a key which is too short" do
+      expect { described_class.new("\0"*31) }.to raise_error(ArgumentError)
     end
   end
 
@@ -32,36 +30,38 @@ shared_examples "authenticator" do
       described_class.auth(key, message).should eq tag
     end
 
-    it "raises on a nil key" do
-      expect { described_class.auth(nil, message)  }.to raise_error(ArgumentError)
+    it "raises TypeError on a nil key" do
+      expect { described_class.auth(nil, message) }.to raise_error(TypeError)
     end
 
-    it "raises on a key which is too long" do
-      expect { described_class.auth("\0"*33, message)  }.to raise_error(ArgumentError)
+    it "raises ArgumentError on a key which is too long" do
+      expect { described_class.auth("\0"*33, message) }.to raise_error(ArgumentError)
     end
   end
 
   context ".verify" do
     it "verify an authenticator" do
-      described_class.verify(key, message, tag).should eq true
+      described_class.verify(key, tag, message).should eq true
     end
 
-    it "raises on a nil key" do
-      expect { described_class.verify(nil, message, tag)  }.to raise_error(ArgumentError)
+    it "raises TypeError on a nil key" do
+      expect { described_class.verify(nil, tag, message) }.to raise_error(TypeError)
     end
 
-    it "raises on a key which is too long" do
-      expect { described_class.verify("\0"*33, message, tag)  }.to raise_error(ArgumentError)
+    it "raises ArgumentError on a key which is too long" do
+      expect { described_class.verify("\0"*33, tag, message) }.to raise_error(ArgumentError)
     end
 
     it "fails to validate an invalid authenticator" do
-      described_class.verify(key, message+"\0", tag ).should be false
+      described_class.verify(key, tag, message+"\0").should be false
     end
+
     it "fails to validate a short authenticator" do
-      described_class.verify(key, message, tag[0,tag.bytesize - 2]).should be false
+      described_class.verify(key, tag[0,tag.bytesize - 2], message).should be false
     end
+
     it "fails to validate a long authenticator" do
-      described_class.verify(key, message, tag+"\0").should be false
+      described_class.verify(key, tag+"\0", message).should be false
     end
   end
 
@@ -73,41 +73,23 @@ shared_examples "authenticator" do
       it "produces an authenticator" do
         authenticator.auth(message).should eq tag
       end
-
-      it "produces a hex encoded authenticator" do
-        authenticator.auth(message, :hex).should eq hex_tag
-      end
     end
 
     context "#verify" do
-      context "raw bytes" do
-        it "verifies an authenticator" do
-          authenticator.verify(message, tag).should be true
-        end
-        it "fails to validate an invalid authenticator" do
-          authenticator.verify(tag, message+"\0").should be false
-        end
-        it "fails to validate a short authenticator" do
-          authenticator.verify(tag[0,tag.bytesize - 2], message).should be false
-        end
-        it "fails to validate a long authenticator" do
-          authenticator.verify(tag+"\0", message).should be false
-        end
+      it "verifies an authenticator" do
+        authenticator.verify(tag, message).should be true
+      end
+
+      it "fails to validate an invalid authenticator" do
+        authenticator.verify(tag, message+"\0").should be false
+      end
+
+      it "fails to validate a short authenticator" do
+        authenticator.verify(tag[0,tag.bytesize - 2], message).should be false
       end
 
-      context "hex" do
-        it "verifies an hexencoded authenticator" do
-          authenticator.verify(message, hex_tag, :hex).should be true
-        end
-        it "fails to validate an invalid authenticator" do
-          authenticator.verify(message+"\0", hex_tag , :hex).should be false
-        end
-        it "fails to validate a short authenticator" do
-          authenticator.verify( message, hex_tag[0,hex_tag.bytesize - 2], :hex).should be false
-        end
-        it "fails to validate a long authenticator" do
-          authenticator.verify(message, hex_tag+"00", :hex).should be false
-        end
+      it "fails to validate a long authenticator" do
+        authenticator.verify(tag+"\0", message).should be false
       end
     end
   end

data/spec/shared/box.rb

@@ -3,12 +3,12 @@
 require 'spec_helper'
 
 shared_examples "box" do
-  let(:nonce) { test_vector :box_nonce }
+  let(:nonce) { vector :box_nonce }
   let(:invalid_nonce) { nonce[0,12]  } # too short!
   let(:invalid_nonce_long) { nonce + nonce  } # too long!
-  let(:message)    { test_vector :box_message }
-  let(:ciphertext) { test_vector :box_ciphertext }
-  let (:nonce_error_regex) { /Nonce.*(Expected #{Crypto::NaCl::NONCEBYTES})/ }
+  let(:message)    { vector :box_message }
+  let(:ciphertext) { vector :box_ciphertext }
+  let (:nonce_error_regex) { /Nonce.*(Expected #{box.nonce_bytes})/ }
   let(:corrupt_ciphertext) { ciphertext[80] = " " } # picked at random by fair diceroll
 
   context "box" do
@@ -18,11 +18,11 @@ shared_examples "box" do
     end
 
     it "raises on a short nonce" do
-      expect { box.box(invalid_nonce, message) }.to raise_error(Crypto::LengthError, nonce_error_regex)
+      expect { box.box(invalid_nonce, message) }.to raise_error(RbNaCl::LengthError, nonce_error_regex)
     end
 
     it "raises on a long nonce" do
-      expect { box.box(invalid_nonce_long, message) }.to raise_error(Crypto::LengthError, nonce_error_regex)
+      expect { box.box(invalid_nonce_long, message) }.to raise_error(RbNaCl::LengthError, nonce_error_regex)
     end
   end
 
@@ -33,19 +33,19 @@ shared_examples "box" do
     end
 
     it "raises on a truncated message to decrypt" do
-      expect { box.open(nonce, ciphertext[0, 64]) }.to raise_error(Crypto::CryptoError, /Decryption failed. Ciphertext failed verification./)
+      expect { box.open(nonce, ciphertext[0, 64]) }.to raise_error(RbNaCl::CryptoError, /Decryption failed. Ciphertext failed verification./)
     end
 
     it "raises on a corrupt ciphertext" do
-      expect { box.open(nonce, corrupt_ciphertext) }.to raise_error(Crypto::CryptoError, /Decryption failed. Ciphertext failed verification./)
+      expect { box.open(nonce, corrupt_ciphertext) }.to raise_error(RbNaCl::CryptoError, /Decryption failed. Ciphertext failed verification./)
     end
 
     it "raises on a short nonce" do
-      expect { box.open(invalid_nonce, message) }.to raise_error(Crypto::LengthError, nonce_error_regex)
+      expect { box.open(invalid_nonce, message) }.to raise_error(RbNaCl::LengthError, nonce_error_regex)
     end
 
     it "raises on a long nonce" do
-      expect { box.open(invalid_nonce_long, message) }.to raise_error(Crypto::LengthError, nonce_error_regex)
+      expect { box.open(invalid_nonce_long, message) }.to raise_error(RbNaCl::LengthError, nonce_error_regex)
     end
   end
 end