rbnacl 1.1.0 → 2.0.0.pre

data/lib/rbnacl/point.rb

@@ -1,70 +0,0 @@
-# encoding: binary
-module Crypto
-  # NaCl's base point (a.k.a. standard group element), serialized as hex
-  STANDARD_GROUP_ELEMENT = "0900000000000000000000000000000000000000000000000000000000000000".freeze
-
-  # Order of the standard group
-  STANDARD_GROUP_ORDER = 2**252 + 27742317777372353535851937790883648493
-
-  # Points provide the interface to NaCl's Curve25519 high-speed elliptic
-  # curve cryptography, which can be used for implementing Diffie-Hellman
-  # and other forms of public key cryptography (e.g. Crypto::Box)
-  #
-  # Objects of the Point class represent points on Edwards curves. NaCl
-  # defines a base point (the "standard group element") which we can
-  # multiply by an arbitrary integer. This is how NaCl computes public
-  # keys from private keys.
-  class Point
-    include KeyComparator
-    include Serializable
-
-    # Number of bytes in a scalar on this curve
-    SCALARBYTES = NaCl::ED25519_SCALARBYTES
-
-    # Creates a new Point from the given serialization
-    #
-    # @param value [String] 32-byte value representing a group element
-    # @param encoding [Symbol] The encoding format of the group element
-    #
-    # @return [Crypto::Point] New Crypto::Point object
-    def initialize(value, encoding = :raw)
-      @point = Encoder[encoding].decode(value)
-
-      # FIXME: really should have a separate constant here for group element size
-      # Group elements and scalars are both 32-bits, but that's for convenience
-      Util.check_length(@point, SCALARBYTES, "group element")
-    end
-
-    # Multiply the given integer by this point
-    # This ordering is a bit confusing because traditionally the point
-    # would be the right-hand operand.
-    #
-    # @param integer [String] 32-byte integer value
-    # @param encoding [Symbol] The encoding format of the integer
-    #
-    # @return [Crypto::Point] Result as a Point object
-    def mult(integer, encoding = :raw)
-      integer = Encoder[encoding].decode(integer)
-      Util.check_length(integer, SCALARBYTES, "integer")
-
-      result = Util.zeros(SCALARBYTES)
-      NaCl.crypto_scalarmult_curve25519(result, integer, @point)
-
-      self.class.new(result)
-    end
-
-    # Return the point serialized as bytes
-    #
-    # @return [String] 32-byte string representing this point
-    def to_bytes; @point; end
-
-    @base_point = Point.new(STANDARD_GROUP_ELEMENT, :hex)
-
-    # NaCl's standard base point for all Curve25519 public keys
-    #
-    # @return [Crypto::Point] standard base point (a.k.a. standard group element)
-    def self.base; @base_point; end
-    def self.base_point; @base_point; end
-  end
-end
-   

data/lib/rbnacl/secret_box.rb

@@ -1,119 +0,0 @@
-# encoding: binary
-module Crypto
-  # The SecretBox class boxes and unboxes messages
-  #
-  # This class uses the given secret key to encrypt and decrypt messages.
-  #
-  # It is VITALLY important that the nonce is a nonce, i.e. it is a number used
-  # only once for any given pair of keys.  If you fail to do this, you
-  # compromise the privacy of the messages encrypted. Give your nonces a
-  # different prefix, or have one side use an odd counter and one an even counter.
-  # Just make sure they are different.
-  #
-  # The ciphertexts generated by this class include a 16-byte authenticator which
-  # is checked as part of the decryption.  An invalid authenticator will cause
-  # the unbox function to raise.  The authenticator is not a signature.  Once
-  # you've looked in the box, you've demonstrated the ability to create
-  # arbitrary valid messages, so messages you send are repudiatable.  For
-  # non-repudiatable messages, sign them before or after encryption.
-  class SecretBox
-    # Number of bytes for a secret key
-    KEYBYTES = NaCl::XSALSA20_POLY1305_SECRETBOX_KEYBYTES
-
-    # Number of bytes for a nonce
-    NONCEBYTES = NaCl::XSALSA20_POLY1305_SECRETBOX_NONCEBYTES
-
-    # Create a new SecretBox
-    #
-    # Sets up the Box with a secret key fro encrypting and decrypting messages.
-    #
-    # @param key [String] The key to encrypt and decrypt with
-    # @param encoding [Symbol] Parse key from the given encoding
-    #
-    # @raise [Crypto::LengthError] on invalid keys
-    #
-    # @return [Crypto::SecretBox] The new Box, ready to use
-    def initialize(key, encoding = :raw)
-      @key = Encoder[encoding].decode(key) if key
-      Util.check_length(@key, KEYBYTES, "Secret key")
-    end
-
-    # Encrypts a message
-    #
-    # Encrypts the message with the given nonce to the key set up when
-    # initializing the class.  Make sure the nonce is unique for any given
-    # key, or you might as well just send plain text.
-    #
-    # This function takes care of the padding required by the NaCL C API.
-    #
-    # @param nonce [String] A 24-byte string containing the nonce.
-    # @param message [String] The message to be encrypted.
-    #
-    # @raise [Crypto::LengthError] If the nonce is not valid
-    #
-    # @return [String] The ciphertext without the nonce prepended (BINARY encoded)
-    def box(nonce, message)
-      Util.check_length(nonce, nonce_bytes, "Nonce")
-      msg = Util.prepend_zeros(NaCl::ZEROBYTES, message)
-      ct  = Util.zeros(msg.bytesize)
-
-      NaCl.crypto_secretbox_xsalsa20poly1305(ct, msg, msg.bytesize, nonce, @key) || raise(CryptoError, "Encryption failed")
-      Util.remove_zeros(NaCl::BOXZEROBYTES, ct)
-    end
-    alias encrypt box
-
-    # Decrypts a ciphertext
-    #
-    # Decrypts the ciphertext with the given nonce using the key setup when
-    # initializing the class.
-    #
-    # This function takes care of the padding required by the NaCL C API.
-    #
-    # @param nonce [String] A 24-byte string containing the nonce.
-    # @param ciphertext [String] The message to be decrypted.
-    #
-    # @raise [Crypto::LengthError] If the nonce is not valid
-    # @raise [Crypto::CryptoError] If the ciphertext cannot be authenticated.
-    #
-    # @return [String] The decrypted message (BINARY encoded)
-    def open(nonce, ciphertext)
-      Util.check_length(nonce, nonce_bytes, "Nonce")
-      ct = Util.prepend_zeros(NaCl::BOXZEROBYTES, ciphertext)
-      message  = Util.zeros(ct.bytesize)
-
-      NaCl.crypto_secretbox_xsalsa20poly1305_open(message, ct, ct.bytesize, nonce, @key) || raise(CryptoError, "Decryption failed. Ciphertext failed verification.")
-      Util.remove_zeros(NaCl::ZEROBYTES, message)
-    end
-    alias decrypt open
-
-    # The crypto primitive for the SecretBox class
-    #
-    # @return [Symbol] The primitive used
-    def self.primitive; :xsalsa20_poly1305; end
-
-    # The crypto primitive for the SecretBox instance
-    #
-    # @return [Symbol] The primitive used
-    def primitive; self.class.primitive; end
-
-    # The nonce bytes for the SecretBox class
-    #
-    # @return [Integer] The number of bytes in a valid nonce
-    def self.nonce_bytes; NONCEBYTES; end
-
-    # The nonce bytes for the SecretBox instance
-    #
-    # @return [Integer] The number of bytes in a valid nonce
-    def nonce_bytes; NONCEBYTES; end
-
-    # The key bytes for the SecretBox class
-    #
-    # @return [Integer] The number of bytes in a valid key
-    def self.key_bytes; KEYBYTES; end
-
-    # The key bytes for the SecretBox instance
-    #
-    # @return [Integer] The number of bytes in a valid key
-    def key_bytes; KEYBYTES; end
-  end
-end

data/spec/rbnacl/box_spec.rb

@@ -1,42 +0,0 @@
-# encoding: binary
-require 'spec_helper'
-
-describe Crypto::Box do
-  let(:alicepk_hex) { hex_vector :alice_public }
-  let(:bobsk_hex)   { hex_vector :bob_private }
-
-  let(:alicepk)   { hex2bytes(alicepk_hex) }
-  let(:bobsk)     { hex2bytes(bobsk_hex) }
-  let(:alice_key) { Crypto::PublicKey.new(alicepk) }
-  let(:bob_key)   { Crypto::PrivateKey.new(bobsk) }
-
-  context "new" do
-    it "accepts strings" do
-      expect { Crypto::Box.new(alicepk_hex, bobsk_hex, :hex) }.to_not raise_error(Exception)
-    end
-
-    it "accepts KeyPairs" do
-      expect { Crypto::Box.new(alice_key, bob_key) }.to_not raise_error(Exception)
-    end
-
-    it "raises on a nil public key" do
-      expect { Crypto::Box.new(nil, bobsk) }.to raise_error(Crypto::LengthError, /Public key was 0 bytes \(Expected 32\)/)
-    end
-
-    it "raises on an invalid public key" do
-      expect { Crypto::Box.new("hello", bobsk) }.to raise_error(Crypto::LengthError, /Public key was 5 bytes \(Expected 32\)/)
-    end
-
-    it "raises on a nil secret key" do
-      expect { Crypto::Box.new(alicepk, nil) }.to raise_error(Crypto::LengthError, /Private key was 0 bytes \(Expected 32\)/)
-    end
-
-    it "raises on an invalid secret key" do
-      expect { Crypto::Box.new(alicepk, "hello") }.to raise_error(Crypto::LengthError, /Private key was 5 bytes \(Expected 32\)/)
-    end
-  end
-
-  include_examples 'box' do
-    let(:box) { Crypto::Box.new(alicepk, bobsk) }
-  end
-end

data/spec/rbnacl/encoder_spec.rb

@@ -1,14 +0,0 @@
-# encoding: binary
-require 'spec_helper'
-
-describe Crypto::Encoder do
-  it "registers encoders" do
-    expect { Crypto::Encoder[:foobar] }.to raise_exception(ArgumentError)
-
-    class FoobarEncoder < described_class
-      register :foobar
-    end
-
-    Crypto::Encoder[:foobar].should be_a FoobarEncoder
-  end
-end

data/spec/rbnacl/encoders/base32_spec.rb

@@ -1,16 +0,0 @@
-# encoding: binary
-require 'spec_helper'
-require 'rbnacl/encoders/base32'
-
-describe Crypto::Encoders::Base32 do
-  let(:source) { "abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789" }
-  let(:base32) { "mfrggzdfmztwq2lknnwg23tpobyxe43uov3ho6dzpiydcmrtgq2tmnzyhfqwey3emvtgo2djnjvwy3lon5yhc4ttor2xm53ypf5damjsgm2dknrxha4wcytdmrswmz3infvgw3dnnzxxa4lson2hk5txpb4xumbrgiztinjwg44ds===" }
-
-  it "encodes to base32" do
-    subject.encode(source).should eq base32
-  end
-
-  it "decodes from base32" do
-    subject.decode(base32).should eq source
-  end
-end

data/spec/rbnacl/encoders/base64_spec.rb

@@ -1,15 +0,0 @@
-# encoding: binary
-require 'spec_helper'
-
-describe Crypto::Encoders::Base64 do
-  let(:source) { "abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789" }
-  let(:base64) { "YWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXowMTIzNDU2Nzg5YWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXowMTIzNDU2Nzg5YWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXowMTIzNDU2Nzg5" }
-
-  it "encodes to base64" do
-    subject.encode(source).should eq base64
-  end
-
-  it "decodes from base64" do
-    subject.decode(base64).should eq source
-  end
-end

data/spec/rbnacl/encoders/hex_spec.rb

@@ -1,15 +0,0 @@
-# encoding: binary
-require 'spec_helper'
-
-describe Crypto::Encoders::Hex do
-  let (:bytes) { [0xDE,0xAD,0xBE,0xEF].pack('c*') }
-  let (:hex)   { "deadbeef" }
-
-  it "encodes to hex" do
-    subject.encode(bytes).should eq hex
-  end
-
-  it "decodes from hex" do
-    subject.decode(hex).should eq bytes
-  end
-end

data/spec/rbnacl/keys/private_key_spec.rb

@@ -1,68 +0,0 @@
-# encoding: binary
-require 'spec_helper'
-
-describe Crypto::PrivateKey do
-  let(:bobsk)     { test_vector :bob_private }
-  let(:bobsk_hex) { bytes2hex bobsk }
-  let(:bobpk)     { test_vector :bob_public }
-  let(:bobpk_hex) { bytes2hex bobpk }
-
-  subject { Crypto::PrivateKey.new(bobsk) }
-
-  context "generate" do
-    let(:secret_key) { Crypto::PrivateKey.generate }
-
-    it "returns a secret key" do
-      secret_key.should be_a Crypto::PrivateKey
-    end
-
-    it "has the public key also set" do
-      secret_key.public_key.should be_a Crypto::PublicKey
-    end
-  end
-
-  context "new" do
-    it "accepts a valid key" do
-      expect { Crypto::PrivateKey.new(bobsk) }.not_to raise_error
-    end
-    it "accepts a hex encoded key" do
-      expect { Crypto::PrivateKey.new(bobsk_hex, :hex) }.not_to raise_error
-    end
-    it "rejects a nil key" do
-      expect { Crypto::PrivateKey.new(nil) }.to raise_error(ArgumentError)
-    end
-    it "rejects a short key" do
-      expect { Crypto::PrivateKey.new("short") }.to raise_error(ArgumentError)
-    end
-  end
-
-  context "public_key" do
-    it "returns a public key" do
-      subject.public_key.should be_a Crypto::PublicKey
-    end
-    it "returns the correct public key" do
-      subject.public_key.to_s(:hex).should eql bobpk_hex
-    end
-  end
-
-  context "#to_bytes" do
-    it "returns the bytes of the key" do
-      subject.to_s(:hex).should eq bobsk_hex
-    end
-  end
-
-  context "#to_s" do
-    it "returns the bytes of the key hex encoded" do
-      subject.to_s(:hex).should eq bobsk_hex
-    end
-    it "returns the raw bytes of the key" do
-      subject.to_bytes.should eq bobsk
-    end
-  end
-
-  include_examples "key equality" do
-    let(:key) { subject }
-    let(:key_bytes) { subject.to_bytes }
-    let(:other_key) { described_class.new(bobpk) }
-  end
-end

data/spec/rbnacl/keys/signing_key_spec.rb

@@ -1,39 +0,0 @@
-# encoding: binary
-require 'spec_helper'
-
-describe Crypto::SigningKey do
-  let(:signing_key_hex) { hex_vector :sign_private }
-  let(:signing_key)     { hex2bytes signing_key_hex }
-
-  let(:message)         { test_vector :sign_message }
-  let(:signature)       { test_vector :sign_signature }
-
-  # NOTE: this implicitly covers testing initialization from bytes
-  subject { described_class.new(signing_key_hex, :hex) }
-
-  it "generates keys" do
-    described_class.generate.should be_a described_class
-  end
-
-  it "signs messages as bytes" do
-    subject.sign(message).should eq signature
-  end
-
-  it "signs messages as hex" do
-    subject.sign(message, :hex).should eq bytes2hex signature
-  end
-
-  it "serializes to hex" do
-    subject.to_s(:hex).should eq signing_key_hex
-  end
-
-  it "serializes to bytes" do
-    subject.to_bytes.should eq signing_key
-  end
-
-  include_examples "key equality" do
-    let(:key_bytes) { signing_key }
-    let(:key)       { described_class.new(key_bytes) }
-    let(:other_key) { described_class.new("B"*32) }
-  end
-end

data/spec/rbnacl/keys/verify_key_spec.rb

@@ -1,51 +0,0 @@
-# encoding: binary
-describe Crypto::VerifyKey do
-  let(:signing_key)    { hex_vector :sign_private }
-  let(:verify_key)     { hex_vector :sign_public }
-  let(:verify_key_raw) { hex2bytes verify_key }
-
-  let(:message)        { test_vector :sign_message }
-  let(:signature)      { hex_vector :sign_signature }
-  let(:signature_raw)  { hex2bytes signature }
-  let(:bad_signature)  { sig = signature.dup; sig[0] = (sig[0].ord + 1).chr; sig }
-
-  subject { Crypto::SigningKey.new(signing_key, :hex).verify_key }
-
-  it "verifies correct signatures" do
-    subject.verify(message, signature_raw).should be_true
-  end
-
-  it "verifies correct hex signatures" do
-    subject.verify(message, signature, :hex).should be_true
-  end
-
-  it "detects bad signatures" do
-    subject.verify(message, bad_signature, :hex).should be_false
-  end
-
-  it "raises when asked to verify with a bang" do
-    expect { subject.verify!(message, bad_signature, :hex) }.to raise_exception Crypto::BadSignatureError
-  end
-
-  it "serializes to bytes" do
-    subject.to_bytes.should eq verify_key_raw
-  end
-
-  it "serializes to hex" do
-    subject.to_s(:hex).should eq verify_key
-  end
-
-  it "initializes from bytes" do
-    described_class.new(verify_key_raw).to_s(:hex).should eq verify_key
-  end
-
-  it "initializes from hex" do
-    described_class.new(verify_key, :hex).to_s(:hex).should eq verify_key
-  end
-
-  include_examples "key equality" do
-    let(:key_bytes) { verify_key_raw }
-    let(:key)       { described_class.new(key_bytes) }
-    let(:other_key) { described_class.new("B"*32) }
-  end
-end