rbnacl 1.1.0 → 2.0.0.pre

data/lib/rbnacl/encoder.rb

@@ -1,44 +0,0 @@
-# encoding: binary
-module Crypto
-  # Encoders can be used to serialize or deserialize keys, ciphertexts, hashes,
-  # and signatures. To provide an encoder, simply subclass Encoder and call the
-  # register class method, then define the encode and decode methods:
-  #
-  #     class CrazysauceEncoder < Crypto::Encoder
-  #       register :crazysauce
-  #
-  #       def encode(string)
-  #         ...
-  #       end
-  #
-  #       def decode(string)
-  #         ...
-  #       end
-  #     end
-  #
-  # Once an encoder has been registered, an instance of it is available via
-  # calling Crypto::Encoder[], e.g. Crypto::Encoder[:hex].encode("foobar")
-  #
-  class Encoder
-    # Hash where encoder objects are stored
-    Registry = {}
-
-    # Register the current class as an encoder
-    def self.register(name)
-      self[name] = self.new
-    end
-
-    # Look up an encoder by the given name
-    def self.[](name)
-      Registry[name.to_sym] or raise ArgumentError, "unsupported encoder: #{name}"
-    end
-
-    # Register an encoder object directly
-    def self.[]=(name, obj)
-      Registry[name.to_sym] = obj
-    end
-
-    def encode(string); raise NotImplementedError, "encoding not implemented"; end
-    def decode(string); raise NotImplementedError, "decoding not implemented"; end
-  end
-end

data/lib/rbnacl/encoders/base32.rb

@@ -1,33 +0,0 @@
-# encoding: binary
-# Requires the base32 gem
-require 'base32'
-
-module Crypto
-  module Encoders
-    # Base64 encoding provider
-    #
-    # Accessable as Crypto::Encoder[:base64]
-    #
-    class Base32 < Crypto::Encoder
-      register :base32
-
-      # Base64 encodes a message
-      #
-      # @param [String] bytes The bytes to encode
-      #
-      # @return [String] Lovely, elegant "Zooko-style" Base32
-      def encode(bytes)
-        ::Base32.encode(bytes.to_s).downcase
-      end
-
-      # Hex decodes a message
-      #
-      # @param [String] base32 string to decode.
-      #
-      # @return [String] crisp and clean bytes
-      def decode(base32)
-        ::Base32.decode(base32.to_s.upcase)
-      end
-    end
-  end
-end

data/lib/rbnacl/encoders/base64.rb

@@ -1,30 +0,0 @@
-# encoding: binary
-module Crypto
-  module Encoders
-    # Base64 encoding provider
-    #
-    # Accessable as Crypto::Encoder[:base64]
-    #
-    class Base64 < Crypto::Encoder
-      register :base64
-
-      # Base64 encodes a message
-      #
-      # @param [String] bytes The bytes to encode
-      #
-      # @return [String] Clunky old base64
-      def encode(bytes)
-        [bytes.to_s].pack("m").gsub("\n", '')
-      end
-
-      # Hex decodes a message
-      #
-      # @param [String] base64 string to decode.
-      #
-      # @return [String] crisp and clean bytes
-      def decode(base64)
-        base64.to_s.unpack("m").first
-      end
-    end
-  end
-end

data/lib/rbnacl/encoders/hex.rb

@@ -1,30 +0,0 @@
-# encoding: binary
-module Crypto
-  module Encoders
-    # Hex encoding provider
-    #
-    # Accessable as Crypto::Encoder[:hex]
-    #
-    class Hex < Crypto::Encoder
-      register :hex
-
-      # Hex encodes a message
-      #
-      # @param [String] bytes The bytes to encode
-      #
-      # @return [String] Tasty, tasty hexidecimal
-      def encode(bytes)
-        bytes.to_s.unpack("H*").first
-      end
-
-      # Hex decodes a message
-      #
-      # @param [String] hex hex to decode.
-      #
-      # @return [String] crisp and clean bytes
-      def decode(hex)
-        [hex.to_s].pack("H*")
-      end
-    end
-  end
-end

data/lib/rbnacl/encoders/raw.rb

@@ -1,12 +0,0 @@
-# encoding: binary
-module Crypto
-  module Encoders
-    # Raw encoder which only does a string conversion (if necessary)
-    class Raw < Crypto::Encoder
-      register :raw
-
-      def encode(bytes); bytes.to_s; end
-      def decode(bytes); bytes.to_s; end
-    end
-  end
-end

data/lib/rbnacl/keys/signing_key.rb

@@ -1,95 +0,0 @@
-# encoding: binary
-module Crypto
-  # Private key for producing digital signatures using the Ed25519 algorithm.
-  # Ed25519 provides a 128-bit security level, that is to say, all known attacks
-  # take at least 2^128 operations, providing the same security level as
-  # AES-128, NIST P-256, and RSA-3072.
-  #
-  # Signing keys are produced from a 32-byte (256-bit) random seed value.
-  # This value can be passed into the SigningKey constructoras a String
-  # whose bytesize is 32.
-  #
-  # The public VerifyKey can be computed from the private 32-byte seed value
-  # as well, eliminating the need to store a "keypair".
-  #
-  # SigningKey produces 64-byte (512-bit) signatures. The signatures are
-  # deterministic: signing the same message will always produce the same
-  # signature. This prevents "entropy failure" seen in other signature
-  # algorithms like DSA and ECDSA, where poor random number generators can
-  # leak enough information to recover the private key.
-  class SigningKey
-    include KeyComparator
-    include Serializable
-
-    attr_reader :verify_key
-
-    # Generate a random SigningKey
-    #
-    # @return [Crypto::SigningKey] Freshly-generated random SigningKey
-    def self.generate
-      new Crypto::Random.random_bytes(NaCl::ED25519_SEED_BYTES)
-    end
-
-    # Create a SigningKey from a seed value
-    #
-    # @param seed [String] Random 32-byte value (i.e. private key)
-    # @param encoding [Symbol] Parse seed from the given encoding
-    #
-    # @return [Crypto::SigningKey] Key which can sign messages
-    def initialize(seed, encoding = :raw)
-      seed = Encoder[encoding].decode(seed)
-
-      Util.check_length(seed, NaCl::ED25519_SEED_BYTES, "seed")
-
-      pk = Util.zeros(NaCl::ED25519_VERIFYKEY_BYTES)
-      sk = Util.zeros(NaCl::ED25519_SIGNINGKEY_BYTES)
-
-      NaCl.crypto_sign_ed25519_seed_keypair(pk, sk, seed) || raise(CryptoError, "Failed to generate a key pair")
-
-      @seed, @signing_key = seed, sk
-      @verify_key = VerifyKey.new(pk)
-    end
-
-    # Sign a message using this key
-    #
-    # @param message [String] Message to be signed by this key
-    # @param encoding [Symbol] Encode signature in the given format
-    #
-    # @return [String] Signature as bytes
-    def sign(message, encoding = :raw)
-      buffer = Util.prepend_zeros(signature_bytes, message)
-      buffer_len = Util.zeros(FFI::Type::LONG_LONG.size)
-
-      NaCl.crypto_sign_ed25519(buffer, buffer_len, message, message.bytesize, @signing_key)
-
-      signature = buffer[0, signature_bytes]
-      Encoder[encoding].encode(signature)
-    end
-
-    # Return the raw seed value of this key
-    #
-    # @return [String] seed used to create this key
-    def to_bytes; @seed; end
-
-    # The crypto primitive the SigningKey class uses for signatures
-    #
-    # @return [Symbol] The primitive
-    def self.primitive; :ed25519; end
-
-    # The crypto primitive this SigningKey class uses for signatures
-    #
-    # @return [Symbol] The primitive
-    def primitive; self.class.primitive; end
-
-    # The size of signatures generated by the SigningKey class
-    #
-    # @return [Integer] The number of bytes in a signature
-    def self.signature_bytes; NaCl::ED25519_SIGNATUREBYTES; end
-
-    # The size of signatures generated by the SigningKey instance
-    #
-    # @return [Integer] The number of bytes in a signature
-    def signature_bytes; NaCl::ED25519_SIGNATUREBYTES; end
-
-  end
-end

data/lib/rbnacl/keys/verify_key.rb

@@ -1,96 +0,0 @@
-# encoding: binary
-module Crypto
-  # The signature was forged or otherwise corrupt
-  class BadSignatureError < CryptoError; end
-
-  # The public key counterpart to an Ed25519 SigningKey for producing digital
-  # signatures. Like the name says, VerifyKeys can be used to verify that a
-  # given digital signature is authentic.
-  #
-  # For more information on the Ed25519 digital signature system, please see
-  # the SigningKey documentation.
-  class VerifyKey
-    include KeyComparator
-    include Serializable
-
-    # Create a new VerifyKey object from a serialized public key. The key can
-    # be decoded from any serialization format supported by the
-    # Crypto::Encoding system.
-    #
-    # @param key [String] Serialized Ed25519 public key
-    # @param encoding [Symbol] Parse key from the given encoding
-    #
-    # @return [Crypto::SigningKey] Key which can sign messages
-    def initialize(key, encoding = :raw)
-      key = Encoder[encoding].decode(key)
-      Util.check_length(key, NaCl::ED25519_VERIFYKEY_BYTES, "key")
-
-      @key = key
-    end
-
-    # Create a new VerifyKey object from a serialized public key. The key can
-    # be decoded from any serialization format supported by the
-    # Crypto::Encoding system.
-    #
-    # You can remember the argument ordering by "verify message with signature"
-    # It's like a legal document, with the signature at the end.
-    #
-    # @param message [String] Message to be authenticated
-    # @param signature [String] Alleged signature to be checked
-    # @param signature_encoding [Symbol] Parse signature from the given encoding
-    #
-    # @return [Boolean] was the signature authentic?
-    def verify(message, signature, signature_encoding = :raw)
-      signature = Encoder[signature_encoding].decode(signature)
-      Util.check_length(signature, signature_bytes, "signature")
-
-      sig_and_msg = signature + message
-      buffer = Util.zeros(sig_and_msg.bytesize)
-      buffer_len = Util.zeros(FFI::Type::LONG_LONG.size)
-
-      NaCl.crypto_sign_ed25519_open(buffer, buffer_len, sig_and_msg, sig_and_msg.bytesize, @key)
-    end
-
-    # "Dangerous" (but probably safer) verify that raises an exception if a
-    # signature check fails. This is probably less likely to go unnoticed than
-    # an improperly checked verify, as you are forced to deal with the
-    # exception explicitly (and failing signature checks are certainly an
-    # exceptional condition!)
-    #
-    # The arguments are otherwise the same as the verify method.
-    #
-    # @param message [String] Message to be authenticated
-    # @param signature [String] Alleged signature to be checked
-    # @param signature_encoding [Symbol] Parse signature from the given encoding
-    #
-    # @return [true] Will raise BadSignatureError if signature check fails
-    def verify!(message, signature, signature_encoding = :raw)
-      verify(message, signature, signature_encoding) or raise BadSignatureError, "signature was forged/corrupt"
-    end
-
-    # Return the raw key in byte format
-    #
-    # @return [String] raw key as bytes
-    def to_bytes; @key; end
-
-    # The crypto primitive the VerifyKey class uses for signatures
-    #
-    # @return [Symbol] The primitive
-    def self.primitive; :ed25519; end
-
-    # The crypto primitive this VerifyKey class uses for signatures
-    #
-    # @return [Symbol] The primitive
-    def primitive; self.class.primitive; end
-
-    # The size of signatures verified by the VerifyKey class
-    #
-    # @return [Integer] The number of bytes in a signature
-    def self.signature_bytes; NaCl::ED25519_SIGNATUREBYTES; end
-
-    # The size of signatures verified by the VerifyKey instance
-    #
-    # @return [Integer] The number of bytes in a signature
-    def signature_bytes; NaCl::ED25519_SIGNATUREBYTES; end
-  end
-end

data/lib/rbnacl/nacl.rb

@@ -1,146 +0,0 @@
-# encoding: binary
-require 'ffi'
-module Crypto
-  # This module has all the FFI code hanging off it
-  #
-  # And that's all it does, really.
-  #
-  # HERE BE DRAGONS!
-  #
-  # Do **NOT** use constants and methods defined here.  If you do find yourself
-  # needing to, that is a bug in RbNaCl and should be reported.
-  #
-  # @private
-  module NaCl
-    extend FFI::Library
-    ffi_lib 'sodium'
-
-    # Wraps an NaCl function so it returns a sane value
-    #
-    # The NaCl functions generally have an integer return value which is 0 in
-    # the case of success and below 0 if they failed.  This is a bit
-    # inconvinient in ruby, where 0 is a truthy value, so this makes them
-    # return true/false based on success.
-    #
-    # @param [Symbol] name Function name that will return true/false
-    # @param [Symbol] function Function to attach
-    # @param [Array<Symbol>] arguments Array of arguments to the function
-    def self.wrap_nacl_function(name, function, arguments)
-      module_eval <<-eos, __FILE__, __LINE__ + 1
-      attach_function #{function.inspect}, #{arguments.inspect}, :int
-      def self.#{name}(*args)
-        ret = #{function}(*args)
-        ret == 0
-      end
-      eos
-    end
-
-    SHA256BYTES = 32
-    wrap_nacl_function :crypto_hash_sha256,
-                       :crypto_hash_sha256_ref,
-                       [:pointer, :pointer, :long_long]
-
-    SHA512BYTES = 64
-    wrap_nacl_function :crypto_hash_sha512,
-                       :crypto_hash_sha512_ref,
-                       [:pointer, :pointer, :long_long]
-
-    CURVE25519_XSALSA20_POLY1305_PUBLICKEY_BYTES = 32
-    PUBLICKEYBYTES = CURVE25519_XSALSA20_POLY1305_PUBLICKEY_BYTES
-    CURVE25519_XSALSA20_POLY1305_SECRETKEY_BYTES = 32
-    SECRETKEYBYTES = CURVE25519_XSALSA20_POLY1305_SECRETKEY_BYTES
-    wrap_nacl_function :crypto_box_curve25519xsalsa20poly1305_keypair,
-                       :crypto_box_curve25519xsalsa20poly1305_ref_keypair,
-                       [:pointer, :pointer]
-
-    CURVE25519_XSALSA20_POLY1305_BOX_NONCEBYTES    = 24
-    NONCEBYTES     = CURVE25519_XSALSA20_POLY1305_BOX_NONCEBYTES
-    ZEROBYTES      = 32
-    BOXZEROBYTES   = 16
-    CURVE25519_XSALSA20_POLY1305_BOX_BEFORENMBYTES = 32
-
-    wrap_nacl_function :crypto_box_curve25519_xsalsa20_poly1305_beforenm,
-                       :crypto_box_curve25519xsalsa20poly1305_ref_beforenm,
-                       [:pointer, :pointer, :pointer]
-
-    wrap_nacl_function :crypto_box_curve25519_xsalsa20_poly1305_afternm,
-                       :crypto_box_curve25519xsalsa20poly1305_ref_afternm,
-                       [:pointer, :pointer, :long_long, :pointer, :pointer]
-
-    wrap_nacl_function :crypto_box_curve25519_xsalsa20_poly1305_open_afternm,
-                       :crypto_box_curve25519xsalsa20poly1305_ref_open_afternm,
-                       [:pointer, :pointer, :long_long, :pointer, :pointer]
-
-    XSALSA20_POLY1305_SECRETBOX_KEYBYTES   = 32
-    XSALSA20_POLY1305_SECRETBOX_NONCEBYTES = 24
-    wrap_nacl_function :crypto_secretbox_xsalsa20poly1305,
-                       :crypto_secretbox_xsalsa20poly1305_ref,
-                       [:pointer, :pointer, :long_long, :pointer, :pointer]
-
-    wrap_nacl_function :crypto_secretbox_xsalsa20poly1305_open,
-                       :crypto_secretbox_xsalsa20poly1305_ref_open,
-                       [:pointer, :pointer, :long_long, :pointer, :pointer]
-
-    HMACSHA512256_KEYBYTES = 32
-    HMACSHA512256_BYTES = 32
-    wrap_nacl_function :crypto_auth_hmacsha512256,
-                       :crypto_auth_hmacsha512256_ref,
-                       [:pointer, :pointer, :long_long, :pointer]
-    wrap_nacl_function :crypto_auth_hmacsha512256_verify,
-                       :crypto_auth_hmacsha512256_ref_verify,
-                       [:pointer, :pointer, :long_long, :pointer]
-
-    HMACSHA256_KEYBYTES = 32
-    HMACSHA256_BYTES = 32
-    wrap_nacl_function :crypto_auth_hmacsha256,
-                       :crypto_auth_hmacsha256_ref,
-                       [:pointer, :pointer, :long_long, :pointer]
-    wrap_nacl_function :crypto_auth_hmacsha256_verify,
-                       :crypto_auth_hmacsha256_ref_verify,
-                       [:pointer, :pointer, :long_long, :pointer]
-    
-    ONETIME_KEYBYTES = 32
-    ONETIME_BYTES = 16
-    wrap_nacl_function :crypto_auth_onetime,
-                       :crypto_onetimeauth_poly1305_ref,
-                       [:pointer, :pointer, :long_long, :pointer]
-    wrap_nacl_function :crypto_auth_onetime_verify,
-                       :crypto_onetimeauth_poly1305_ref_verify,
-                       [:pointer, :pointer, :long_long, :pointer]
-
-    wrap_nacl_function :random_bytes,
-                       :randombytes,
-                       [:pointer, :long_long]
-
-    wrap_nacl_function :crypto_verify_32,
-                       :crypto_verify_32_ref,
-                       [:pointer, :pointer]
-    wrap_nacl_function :crypto_verify_16,
-                       :crypto_verify_16_ref,
-                       [:pointer, :pointer]
-
-    ED25519_SIGNATUREBYTES   = 64
-    SIGNATUREBYTES           = ED25519_SIGNATUREBYTES
-    ED25519_SIGNINGKEY_BYTES = 64
-    ED25519_VERIFYKEY_BYTES  = 32
-    ED25519_SEED_BYTES       = 32
-    wrap_nacl_function :crypto_sign_ed25519_seed_keypair,
-                       :crypto_sign_ed25519_ref_seed_keypair,
-                       [:pointer, :pointer, :pointer]
-
-    wrap_nacl_function :crypto_sign_ed25519,
-                       :crypto_sign_ed25519_ref,
-                       [:pointer, :pointer, :pointer, :long_long, :pointer]
-
-    wrap_nacl_function :crypto_sign_ed25519_open,
-                       :crypto_sign_ed25519_ref_open,
-                       [:pointer, :pointer, :pointer, :long_long, :pointer]
-
-    ED25519_SCALARBYTES = 32
-    SCALARBYTES         = ED25519_SCALARBYTES
-
-    wrap_nacl_function :crypto_scalarmult_curve25519,
-                       :crypto_scalarmult_curve25519_ref,
-                       [:pointer, :pointer, :pointer]
-  end
-end