rbnacl 1.1.0 → 2.0.0.pre

data/spec/shared/key_equality.rb

@@ -8,7 +8,7 @@ shared_examples "key equality" do
       (key == key_bytes).should be true
     end
     it "keys are not equal to zero" do
-      (key == Crypto::Util.zeros(32)).should be false
+      (key == RbNaCl::Util.zeros(32)).should be false
     end
     it "keys are not equal to another key" do
       (key == other_key).should be false
@@ -17,10 +17,10 @@ shared_examples "key equality" do
 
   context "lexicographic sorting" do
     it "can be compared lexicographically to a key smaller than it" do
-      (key > Crypto::Util.zeros(32)).should be true
+      (key > RbNaCl::Util.zeros(32)).should be true
     end
     it "can be compared lexicographically to a key larger than it" do
-      (described_class.new(Crypto::Util.zeros(32)) < key).should be true
+      (described_class.new(RbNaCl::Util.zeros(32)) < key).should be true
     end
   end
 end

data/spec/shared/serializable.rb

@@ -0,0 +1,17 @@
+# encoding: binary
+
+shared_examples "serializable" do
+  context "serialization" do
+    it "supports #to_s" do
+      expect(subject.to_s).to be_a String
+    end
+
+    it "supports #to_str" do
+      expect(subject.to_str).to be_a String
+    end
+
+    it "supports #inspect" do
+      expect(subject.inspect).to be_a String
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -1,26 +1,24 @@
 # encoding: binary
-require 'rubygems'
+require 'coveralls'
+Coveralls.wear!
+
+# Run the specs prior to running the self-test
+$RBNACL_SELF_TEST = false
+
 require 'bundler/setup'
 require 'rbnacl'
 require 'shared/box'
 require 'shared/authenticator'
 require 'shared/key_equality'
-require 'coveralls'
-
-Coveralls.wear!
-
-def hex2bytes(hex)
-  Crypto::Encoder[:hex].decode(hex)
-end
-
-def bytes2hex(bytes)
-  Crypto::Encoder[:hex].encode(bytes)
-end
+require 'shared/serializable'
 
-def test_vector(name)
-  hex2bytes(hex_vector(name))
+def vector(name)
+  [RbNaCl::TestVectors[name]].pack("H*")
 end
 
-def hex_vector(name)
-  Crypto::TestVectors[name]
+RSpec.configure do |config|
+  config.after :all do
+    # Run the self-test after all the specs have passed
+    require 'rbnacl/self_test'
+  end
 end

data/tasks/rspec.rake

@@ -1,3 +1,4 @@
+gem 'rspec'
 require 'rspec/core/rake_task'
 
 RSpec::Core::RakeTask.new

metadata

@@ -1,37 +1,15 @@
 --- !ruby/object:Gem::Specification
 name: rbnacl
 version: !ruby/object:Gem::Version
-  version: 1.1.0
+  version: 2.0.0.pre
 platform: ruby
 authors:
 - Tony Arcieri
 - Jonathan Stott
 autorequire: 
 bindir: bin
-cert_chain:
-- |
-  -----BEGIN CERTIFICATE-----
-  MIIDbDCCAlSgAwIBAgIBATANBgkqhkiG9w0BAQUFADA+MRAwDgYDVQQDDAdiYXNj
-  dWxlMRUwEwYKCZImiZPyLGQBGRYFZ21haWwxEzARBgoJkiaJk/IsZAEZFgNjb20w
-  HhcNMTMwMzA4MDYwNzA1WhcNMTQwMzA4MDYwNzA1WjA+MRAwDgYDVQQDDAdiYXNj
-  dWxlMRUwEwYKCZImiZPyLGQBGRYFZ21haWwxEzARBgoJkiaJk/IsZAEZFgNjb20w
-  ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8S9Y1eahE5w/b0P1jVbO4
-  nZbGwJGnGUTPPujZZfCXdkJu1pa8MvsU+pzgm051/yy9bWUp5eMTIjP9Qg+v92gK
-  bfjiUoVwAqISW7zD98gbXwdOgcbCjPFfdP7XmAlxbmq0/T+kYXVngfYo737SukWz
-  /3LLzfmtzBAZipJhTL3EAvlD2O2n2m/JARtxUwHjohd5199BBrSgbjKBXrbZ159F
-  rJzDZef9SLCeXbVL218C4Z4Yf3QvOAvlkBQbYZmD0jnivAvXaoylZnCgIpGUnEiA
-  C3raBW2/zMeKZC7dxygqezxwKiA/u4rxeCK3XDwYlRkF35UtAyIbIJYGODJL4MR9
-  AgMBAAGjdTBzMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgSwMB0GA1UdDgQWBBRP3DGA
-  NBCsdSMAHGzKpylnYy90ejAcBgNVHREEFTATgRFiYXNjdWxlQGdtYWlsLmNvbTAc
-  BgNVHRIEFTATgRFiYXNjdWxlQGdtYWlsLmNvbTANBgkqhkiG9w0BAQUFAAOCAQEA
-  NhP3rks+x49coXHS0vPPxXb7V0HDnuYP5R+pN1+T2Z7D4qwJKjEF4EC8mQYtwcNe
-  Qquz1t9Uxtr7i3QqjnwhNKlIVig1nikNF+FnApjYs4mwAtMHn77WOwx8wkn7ykej
-  7sF7dRE+BLgpJ88/ycnA6zsEiSQVcIMDVpiYUqUBx+MDNnq5jw5dI0Kct8vBirNA
-  QiZB6YQD1raVKUTpRubo4i0SnGpbMSxMy+YreqwNQiWG9iWCbp0JJWaOPSYTeQHe
-  3L/NVZQttSvxjd+WF6mA9yeCjpomboQMP36GRIZ30SoOVPMGvZ/+QpW52QU7mJW5
-  GzWyf92p0uscgUZVTYixjg==
-  -----END CERTIFICATE-----
-date: 2013-04-19 00:00:00.000000000 Z
+cert_chain: []
+date: 2013-10-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ffi
@@ -67,14 +45,14 @@ dependencies:
     requirements:
     - - '>='
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '2.14'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '>='
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '2.14'
 description: Ruby binding to the Networking and Cryptography (NaCl) library
 email:
 - tony.arcieri@gmail.com
@@ -90,6 +68,7 @@ files:
 - .yardopts
 - CHANGES.md
 - Gemfile
+- Guardfile
 - LICENSE.txt
 - README.md
 - Rakefile
@@ -100,55 +79,53 @@ files:
 - images/logo.png
 - lib/rbnacl.rb
 - lib/rbnacl/auth.rb
-- lib/rbnacl/auth/one_time.rb
-- lib/rbnacl/box.rb
-- lib/rbnacl/encoder.rb
-- lib/rbnacl/encoders/base32.rb
-- lib/rbnacl/encoders/base64.rb
-- lib/rbnacl/encoders/hex.rb
-- lib/rbnacl/encoders/raw.rb
+- lib/rbnacl/boxes/curve25519xsalsa20poly1305.rb
+- lib/rbnacl/boxes/curve25519xsalsa20poly1305/private_key.rb
+- lib/rbnacl/boxes/curve25519xsalsa20poly1305/public_key.rb
+- lib/rbnacl/group_elements/curve25519.rb
 - lib/rbnacl/hash.rb
+- lib/rbnacl/hash/blake2b.rb
+- lib/rbnacl/hash/sha256.rb
+- lib/rbnacl/hash/sha512.rb
 - lib/rbnacl/hmac/sha256.rb
 - lib/rbnacl/hmac/sha512256.rb
-- lib/rbnacl/keys/key_comparator.rb
-- lib/rbnacl/keys/private_key.rb
-- lib/rbnacl/keys/public_key.rb
-- lib/rbnacl/keys/signing_key.rb
-- lib/rbnacl/keys/verify_key.rb
-- lib/rbnacl/nacl.rb
-- lib/rbnacl/point.rb
+- lib/rbnacl/init.rb
+- lib/rbnacl/key_comparator.rb
+- lib/rbnacl/one_time_auths/poly1305.rb
 - lib/rbnacl/rake_tasks.rb
 - lib/rbnacl/random.rb
 - lib/rbnacl/random_nonce_box.rb
-- lib/rbnacl/secret_box.rb
+- lib/rbnacl/secret_boxes/xsalsa20poly1305.rb
 - lib/rbnacl/self_test.rb
 - lib/rbnacl/serializable.rb
+- lib/rbnacl/signatures/ed25519.rb
+- lib/rbnacl/signatures/ed25519/signing_key.rb
+- lib/rbnacl/signatures/ed25519/verify_key.rb
+- lib/rbnacl/sodium.rb
 - lib/rbnacl/test_vectors.rb
 - lib/rbnacl/util.rb
 - lib/rbnacl/version.rb
 - rbnacl.gemspec
 - rbnacl.gpg
-- spec/rbnacl/auth/one_time_spec.rb
-- spec/rbnacl/box_spec.rb
-- spec/rbnacl/encoder_spec.rb
-- spec/rbnacl/encoders/base32_spec.rb
-- spec/rbnacl/encoders/base64_spec.rb
-- spec/rbnacl/encoders/hex_spec.rb
+- spec/rbnacl/authenticators/poly1305_spec.rb
+- spec/rbnacl/boxes/curve25519xsalsa20poly1305/private_key_spec.rb
+- spec/rbnacl/boxes/curve25519xsalsa20poly1305/public_key_spec.rb
+- spec/rbnacl/boxes/curve25519xsalsa20poly1305_spec.rb
+- spec/rbnacl/group_element_spec.rb
+- spec/rbnacl/hash/blake2b_spec.rb
 - spec/rbnacl/hash_spec.rb
 - spec/rbnacl/hmac/sha256_spec.rb
 - spec/rbnacl/hmac/sha512256_spec.rb
-- spec/rbnacl/keys/private_key_spec.rb
-- spec/rbnacl/keys/public_key_spec.rb
-- spec/rbnacl/keys/signing_key_spec.rb
-- spec/rbnacl/keys/verify_key_spec.rb
-- spec/rbnacl/point_spec.rb
 - spec/rbnacl/random_nonce_box_spec.rb
 - spec/rbnacl/random_spec.rb
 - spec/rbnacl/secret_box_spec.rb
+- spec/rbnacl/signatures/ed25519/signing_key_spec.rb
+- spec/rbnacl/signatures/ed25519/verify_key_spec.rb
 - spec/rbnacl/util_spec.rb
 - spec/shared/authenticator.rb
 - spec/shared/box.rb
 - spec/shared/key_equality.rb
+- spec/shared/serializable.rb
 - spec/spec_helper.rb
 - tasks/ci.rake
 - tasks/rspec.rake
@@ -166,36 +143,34 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - '>'
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.3.1
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.0.2
+rubygems_version: 2.0.6
 signing_key: 
 specification_version: 4
 summary: The Networking and Cryptography (NaCl) library provides a high-level toolkit
   for building cryptographic systems and protocols
 test_files:
-- spec/rbnacl/auth/one_time_spec.rb
-- spec/rbnacl/box_spec.rb
-- spec/rbnacl/encoder_spec.rb
-- spec/rbnacl/encoders/base32_spec.rb
-- spec/rbnacl/encoders/base64_spec.rb
-- spec/rbnacl/encoders/hex_spec.rb
+- spec/rbnacl/authenticators/poly1305_spec.rb
+- spec/rbnacl/boxes/curve25519xsalsa20poly1305/private_key_spec.rb
+- spec/rbnacl/boxes/curve25519xsalsa20poly1305/public_key_spec.rb
+- spec/rbnacl/boxes/curve25519xsalsa20poly1305_spec.rb
+- spec/rbnacl/group_element_spec.rb
+- spec/rbnacl/hash/blake2b_spec.rb
 - spec/rbnacl/hash_spec.rb
 - spec/rbnacl/hmac/sha256_spec.rb
 - spec/rbnacl/hmac/sha512256_spec.rb
-- spec/rbnacl/keys/private_key_spec.rb
-- spec/rbnacl/keys/public_key_spec.rb
-- spec/rbnacl/keys/signing_key_spec.rb
-- spec/rbnacl/keys/verify_key_spec.rb
-- spec/rbnacl/point_spec.rb
 - spec/rbnacl/random_nonce_box_spec.rb
 - spec/rbnacl/random_spec.rb
 - spec/rbnacl/secret_box_spec.rb
+- spec/rbnacl/signatures/ed25519/signing_key_spec.rb
+- spec/rbnacl/signatures/ed25519/verify_key_spec.rb
 - spec/rbnacl/util_spec.rb
 - spec/shared/authenticator.rb
 - spec/shared/box.rb
 - spec/shared/key_equality.rb
+- spec/shared/serializable.rb
 - spec/spec_helper.rb

data.tar.gz.sig

@@ -1,3 +0,0 @@
-T\r�
-��*=(�#?���x(�=�����D�k⚂n��~�I����T�l�TL�x�@aɰ��?X^�C1p�f��i���抰s�ֹ���&tADZ"�z<ڊT9�k�w����h�_5���¾��U�lq��l0,�:�L�t�y���Y��x�'�Z���ÿ����*�5��<bjÅ *H� ���B�sY����4��gA�:c~�
-��T���,�b	�+��(���g�.��@.I�֩���1cR3m����d

data/lib/rbnacl/box.rb

@@ -1,171 +0,0 @@
-# encoding: binary
-module Crypto
-  # The Box class boxes and unboxes messages between a pair of keys
-  #
-  # This class uses the given public and secret keys to derive a shared key,
-  # which is used with the nonce given to encrypt the given messages and
-  # decrypt the given ciphertexts.  The same shared key will generated from
-  # both pairing of keys, so given two keypairs belonging to alice (pkalice,
-  # skalice) and bob(pkbob, skbob), the key derived from (pkalice, skbob) with
-  # equal that from (pkbob, skalice).  This is how the system works:
-  #
-  # @example
-  #   # On bob's system
-  #   bobkey = Crypto::PrivateKey.generate
-  #   #=> #<Crypto::PrivateKey ...>
-  #
-  #   # send bobkey.public_key to alice
-  #   # recieve alice's public key, alicepk
-  #   # NB: This is actually the hard part of the system.  How to do it securely
-  #   # is left as an exercise to for the reader.
-  #   alice_pubkey = "..."
-  #
-  #   # make a box
-  #   alicebob_box = Crypto::Box.new(alice_pubkey, bobkey)
-  #   #=> #<Crypto::Box ...>
-  #
-  #   # encrypt a message to alice
-  #   cipher_text = alicebob_box.box("A bad example of a nonce", "Hello, Alice!")
-  #   #=> "..." # a string of bytes, 29 bytes long
-  #
-  #   # send ["A bad example of a nonce", cipher_text] to alice
-  #   # note that nonces don't have to be secret
-  #   # receive [nonce, cipher_text_to_bob] from alice
-  #
-  #   # decrypt the reply
-  #   # Alice has been a little more sensible than bob, and has a random nonce
-  #   # that is too fiddly to type here.  But there are other choices than just
-  #   # random
-  #   plain_text = alicebob_box.open(nonce, cipher_text_to_bob)
-  #   #=> "Hey there, Bob!"
-  #
-  #   # we have a new message!
-  #   # But Eve has tampered with this message, by flipping some bytes around!
-  #   # [nonce2, cipher_text_to_bob_honest_love_eve]
-  #   alicebob_box.open(nonce2, cipher_text_to_bob_honest_love_eve)
-  #
-  #   # BOOM!
-  #   # Bob gets a Crypto::CryptoError to deal with!
-  #
-  # It is VITALLY important that the nonce is a nonce, i.e. it is a number used
-  # only once for any given pair of keys.  If you fail to do this, you
-  # compromise the privacy of the the messages encrypted.  Also, bear in mind
-  # the property mentioned just above. Give your nonces a different prefix, or
-  # have one side use an odd counter and one an even counter.  Just make sure
-  # they are different.
-  #
-  # The ciphertexts generated by this class include a 16-byte authenticator which
-  # is checked as part of the decryption.  An invalid authenticator will cause
-  # the unbox function to raise.  The authenticator is not a signature.  Once
-  # you've looked in the box, you've demonstrated the ability to create
-  # arbitrary valid messages, so messages you send are repudiatable.  For
-  # non-repudiatable messages, sign them before or after encryption.
-  class Box
-
-    # Number of bytes in a Box nonce
-    NONCEBYTES = NaCl::CURVE25519_XSALSA20_POLY1305_BOX_NONCEBYTES
-
-    # Create a new Box
-    #
-    # Sets up the Box for deriving the shared key and encrypting and
-    # decrypting messages.
-    #
-    # @param public_key [String,Crypto::PublicKey] The public key to encrypt to
-    # @param private_key [String,Crypto::PrivateKey] The private key to encrypt with
-    # @param encoding [Symbol] Parse keys from the given encoding
-    #
-    # @raise [Crypto::LengthError] on invalid keys
-    #
-    # @return [Crypto::Box] The new Box, ready to use
-    def initialize(public_key, private_key, encoding = :raw)
-      @public_key   = PublicKey  === public_key  ? public_key  : PublicKey.new(public_key, encoding)
-      @private_key  = PrivateKey === private_key ? private_key : PrivateKey.new(private_key, encoding)
-      raise IncorrectPrimitiveError unless @public_key.primitive == primitive && @private_key.primitive == primitive
-    end
-
-    # Encrypts a message
-    #
-    # Encrypts the message with the given nonce to the keypair set up when
-    # initializing the class.  Make sure the nonce is unique for any given
-    # keypair, or you might as well just send plain text.
-    #
-    # This function takes care of the padding required by the NaCL C API.
-    #
-    # @param nonce [String] A 24-byte string containing the nonce.
-    # @param message [String] The message to be encrypted.
-    #
-    # @raise [Crypto::LengthError] If the nonce is not valid
-    #
-    # @return [String] The ciphertext without the nonce prepended (BINARY encoded)
-    def box(nonce, message)
-      Util.check_length(nonce, nonce_bytes, "Nonce")
-      msg = Util.prepend_zeros(NaCl::ZEROBYTES, message)
-      ct  = Util.zeros(msg.bytesize)
-
-      NaCl.crypto_box_curve25519_xsalsa20_poly1305_afternm(ct, msg, msg.bytesize, nonce, beforenm) || raise(CryptoError, "Encryption failed")
-      Util.remove_zeros(NaCl::BOXZEROBYTES, ct)
-    end
-    alias encrypt box
-
-    # Decrypts a ciphertext
-    #
-    # Decrypts the ciphertext with the given nonce using the keypair setup when
-    # initializing the class.
-    #
-    # This function takes care of the padding required by the NaCL C API.
-    #
-    # @param nonce [String] A 24-byte string containing the nonce.
-    # @param ciphertext [String] The message to be decrypted.
-    #
-    # @raise [Crypto::LengthError] If the nonce is not valid
-    # @raise [Crypto::CryptoError] If the ciphertext cannot be authenticated.
-    #
-    # @return [String] The decrypted message (BINARY encoded)
-    def open(nonce, ciphertext)
-      Util.check_length(nonce, nonce_bytes, "Nonce")
-      ct = Util.prepend_zeros(NaCl::BOXZEROBYTES, ciphertext)
-      message  = Util.zeros(ct.bytesize)
-
-      NaCl.crypto_box_curve25519_xsalsa20_poly1305_open_afternm(message, ct, ct.bytesize, nonce, beforenm) || raise(CryptoError, "Decryption failed. Ciphertext failed verification.")
-      Util.remove_zeros(NaCl::ZEROBYTES, message)
-    end
-    alias decrypt open
-
-    # The crypto primitive for the box class
-    #
-    # @return [Symbol] The primitive used
-    def self.primitive
-      :curve25519_xsalsa20_poly1305
-    end
-
-    # The crypto primitive for the box class
-    #
-    # @return [Symbol] The primitive used
-    def primitive
-      self.class.primitive
-    end
-
-    # The nonce bytes for the box class
-    #
-    # @return [Integer] The number of bytes in a valid nonce
-    def self.nonce_bytes
-      NONCEBYTES
-    end
-
-    # The nonce bytes for the box instance
-    #
-    # @return [Integer] The number of bytes in a valid nonce
-    def nonce_bytes
-      NONCEBYTES
-    end
-
-    private
-    def beforenm
-      @k ||= begin
-               k = Util.zeros(NaCl::CURVE25519_XSALSA20_POLY1305_BOX_BEFORENMBYTES)
-               NaCl.crypto_box_curve25519_xsalsa20_poly1305_beforenm(k, @public_key.to_s, @private_key.to_s) || raise(CryptoError, "Failed to derive shared key")
-               k
-             end
-    end
-  end
-end