rbnacl 3.1.2 → 3.2.0

data/lib/rbnacl/group_elements/curve25519.rb

@@ -14,19 +14,19 @@ module RbNaCl
       STANDARD_GROUP_ELEMENT = ["0900000000000000000000000000000000000000000000000000000000000000"].pack("H*").freeze
 
       # Order of the standard group
-      STANDARD_GROUP_ORDER = 2**252 + 27742317777372353535851937790883648493
+      STANDARD_GROUP_ORDER = 2**252 + 27_742_317_777_372_353_535_851_937_790_883_648_493
 
       include KeyComparator
       include Serializable
 
       extend Sodium
 
-      sodium_type      :scalarmult
+      sodium_type :scalarmult
       sodium_primitive :curve25519
 
-      sodium_function  :scalarmult_curve25519,
-                       :crypto_scalarmult_curve25519,
-                       [:pointer, :pointer, :pointer]
+      sodium_function :scalarmult_curve25519,
+                      :crypto_scalarmult_curve25519,
+                      [:pointer, :pointer, :pointer]
 
       # Number of bytes in a scalar on this curve
       SCALARBYTES = 32
@@ -67,15 +67,21 @@ module RbNaCl
       # Return the point serialized as bytes
       #
       # @return [String] 32-byte string representing this point
-      def to_bytes; @point; end
+      def to_bytes
+        @point
+      end
 
       @base_point = new(STANDARD_GROUP_ELEMENT)
 
       # NaCl's standard base point for all Curve25519 public keys
       #
       # @return [RbNaCl::Point] standard base point (a.k.a. standard group element)
-      def self.base; @base_point; end
-      def self.base_point; @base_point; end
+      def self.base
+        @base_point
+      end
+      class << self
+        attr_reader :base_point
+      end
     end
   end
 end

data/lib/rbnacl/hash.rb

@@ -25,7 +25,7 @@ module RbNaCl
     def self.sha256(data)
       data   = data.to_str
       digest = Util.zeros(SHA256::BYTES)
-      SHA256.hash_sha256(digest, data, data.bytesize) || raise(CryptoError, "Hashing failed!")
+      SHA256.hash_sha256(digest, data, data.bytesize) || fail(CryptoError, "Hashing failed!")
       digest
     end
 
@@ -40,7 +40,7 @@ module RbNaCl
     # @return [String] The SHA-512 hash as raw bytes (Or encoded as per the second argument)
     def self.sha512(data)
       digest = Util.zeros(SHA512::BYTES)
-      SHA512.hash_sha512(digest, data, data.bytesize) || raise(CryptoError, "Hashing failed!")
+      SHA512.hash_sha512(digest, data, data.bytesize) || fail(CryptoError, "Hashing failed!")
       digest
     end
 

data/lib/rbnacl/hash/blake2b.rb

@@ -13,16 +13,16 @@ module RbNaCl
     class Blake2b
       extend Sodium
 
-      sodium_type      :generichash
+      sodium_type :generichash
       sodium_primitive :blake2b
-      sodium_constant  :BYTES_MIN
-      sodium_constant  :BYTES_MAX
-      sodium_constant  :KEYBYTES_MIN
-      sodium_constant  :KEYBYTES_MAX
+      sodium_constant :BYTES_MIN
+      sodium_constant :BYTES_MAX
+      sodium_constant :KEYBYTES_MIN
+      sodium_constant :KEYBYTES_MAX
 
-      sodium_function  :generichash_blake2b,
-                       :crypto_generichash_blake2b,
-                       [:pointer, :ulong_long, :pointer, :ulong_long, :pointer, :ulong_long]
+      sodium_function :generichash_blake2b,
+                      :crypto_generichash_blake2b,
+                      [:pointer, :size_t, :pointer, :ulong_long, :pointer, :size_t]
 
       # Create a new Blake2b hash object
       #
@@ -38,15 +38,15 @@ module RbNaCl
 
         if @key
           @key_size = @key.bytesize
-          raise LengthError, "key too short" if @key_size < KEYBYTES_MIN
-          raise LengthError, "key too long"  if @key_size > KEYBYTES_MAX
+          fail LengthError, "key too short" if @key_size < KEYBYTES_MIN
+          fail LengthError, "key too long"  if @key_size > KEYBYTES_MAX
         else
           @key_size = 0
         end
 
         @digest_size = opts.fetch(:digest_size, BYTES_MAX)
-        raise LengthError, "digest size too short" if @digest_size < BYTES_MIN
-        raise LengthError, "digest size too long"  if @digest_size > BYTES_MAX
+        fail LengthError, "digest size too short" if @digest_size < BYTES_MIN
+        fail LengthError, "digest size too long"  if @digest_size > BYTES_MAX
       end
 
       # Calculate a Blake2b digest
@@ -56,7 +56,7 @@ module RbNaCl
       # @return [String] Blake2b digest of the string as raw bytes
       def digest(message)
         digest = Util.zeros(@digest_size)
-        self.class.generichash_blake2b(digest, @digest_size, message, message.bytesize, @key, @key_size) || raise(CryptoError, "Hashing failed!")
+        self.class.generichash_blake2b(digest, @digest_size, message, message.bytesize, @key, @key_size) || fail(CryptoError, "Hashing failed!")
         digest
       end
     end

data/lib/rbnacl/hash/sha256.rb

@@ -4,12 +4,12 @@ module RbNaCl
     # Provides a binding for the SHA256 function in libsodium
     module SHA256
       extend Sodium
-      sodium_type      :hash
+      sodium_type :hash
       sodium_primitive :sha256
-      sodium_constant  :BYTES
-      sodium_function  :hash_sha256,
-        :crypto_hash_sha256,
-        [:pointer, :pointer, :ulong_long]
+      sodium_constant :BYTES
+      sodium_function :hash_sha256,
+                      :crypto_hash_sha256,
+                      [:pointer, :pointer, :ulong_long]
     end
   end
 end

data/lib/rbnacl/hash/sha512.rb

@@ -4,12 +4,12 @@ module RbNaCl
     # Provides the binding for the SHA512 hash function
     module SHA512
       extend Sodium
-      sodium_type      :hash
+      sodium_type :hash
       sodium_primitive :sha512
-      sodium_constant  :BYTES
-      sodium_function  :hash_sha512,
-                       :crypto_hash_sha512,
-                       [:pointer, :pointer, :ulong_long]
+      sodium_constant :BYTES
+      sodium_function :hash_sha512,
+                      :crypto_hash_sha512,
+                      [:pointer, :pointer, :ulong_long]
     end
   end
 end

data/lib/rbnacl/hmac/sha256.rb

@@ -15,20 +15,21 @@ module RbNaCl
     class SHA256 < Auth
       extend Sodium
 
-      sodium_type      :auth
+      sodium_type :auth
       sodium_primitive :hmacsha256
-      sodium_constant  :BYTES
-      sodium_constant  :KEYBYTES
+      sodium_constant :BYTES
+      sodium_constant :KEYBYTES
+
+      sodium_function :auth_hmacsha256,
+                      :crypto_auth_hmacsha256,
+                      [:pointer, :pointer, :ulong_long, :pointer]
+
+      sodium_function :auth_hmacsha256_verify,
+                      :crypto_auth_hmacsha256_verify,
+                      [:pointer, :pointer, :ulong_long, :pointer]
 
-      sodium_function  :auth_hmacsha256,
-                       :crypto_auth_hmacsha256,
-                       [:pointer, :pointer, :ulong_long, :pointer]
-      
-      sodium_function  :auth_hmacsha256_verify,
-                       :crypto_auth_hmacsha256_verify,
-                       [:pointer, :pointer, :ulong_long, :pointer]
-      
       private
+
       def compute_authenticator(authenticator, message)
         self.class.auth_hmacsha256(authenticator, message, message.bytesize, key)
       end

data/lib/rbnacl/hmac/sha512256.rb

@@ -15,20 +15,21 @@ module RbNaCl
     class SHA512256 < Auth
       extend Sodium
 
-      sodium_type      :auth
+      sodium_type :auth
       sodium_primitive :hmacsha512256
-      sodium_constant  :BYTES
-      sodium_constant  :KEYBYTES
+      sodium_constant :BYTES
+      sodium_constant :KEYBYTES
 
-      sodium_function  :auth_hmacsha512256,
-                       :crypto_auth_hmacsha512256,
-                       [:pointer, :pointer, :ulong_long, :pointer]
-      
-      sodium_function  :auth_hmacsha512256_verify,
-                       :crypto_auth_hmacsha512256_verify,
-                       [:pointer, :pointer, :ulong_long, :pointer]
+      sodium_function :auth_hmacsha512256,
+                      :crypto_auth_hmacsha512256,
+                      [:pointer, :pointer, :ulong_long, :pointer]
+
+      sodium_function :auth_hmacsha512256_verify,
+                      :crypto_auth_hmacsha512256_verify,
+                      [:pointer, :pointer, :ulong_long, :pointer]
 
       private
+
       def compute_authenticator(authenticator, message)
         self.class.auth_hmacsha512256(authenticator, message, message.bytesize, key)
       end

data/lib/rbnacl/init.rb

@@ -6,7 +6,7 @@ module RbNaCl
     if defined?(RBNACL_LIBSODIUM_GEM_LIB_PATH)
       ffi_lib RBNACL_LIBSODIUM_GEM_LIB_PATH
     else
-      ffi_lib 'sodium'
+      ffi_lib "sodium"
     end
 
     attach_function :sodium_init, [], :int

data/lib/rbnacl/key_comparator.rb

@@ -23,9 +23,9 @@ module RbNaCl
         return nil
       end
 
-      if Util.verify32(self.to_bytes, other)
+      if Util.verify32(to_bytes, other)
         return 0
-      elsif self.to_bytes > other
+      elsif to_bytes > other
         return 1
       else
         return -1
@@ -53,7 +53,7 @@ module RbNaCl
       else
         return false
       end
-      Util.verify32(self.to_bytes, other)
+      Util.verify32(to_bytes, other)
     end
   end
 end

data/lib/rbnacl/one_time_auths/poly1305.rb

@@ -20,10 +20,10 @@ module RbNaCl
     class Poly1305 < Auth
       extend Sodium
 
-      sodium_type      :onetimeauth
+      sodium_type :onetimeauth
       sodium_primitive :poly1305
-      sodium_constant  :BYTES
-      sodium_constant  :KEYBYTES
+      sodium_constant :BYTES
+      sodium_constant :KEYBYTES
 
       sodium_function :onetimeauth_poly1305,
                       :crypto_onetimeauth_poly1305,
@@ -34,6 +34,7 @@ module RbNaCl
                       [:pointer, :pointer, :ulong_long, :pointer]
 
       private
+
       def compute_authenticator(authenticator, message)
         self.class.onetimeauth_poly1305(authenticator, message, message.bytesize, key)
       end
@@ -41,7 +42,6 @@ module RbNaCl
       def verify_message(authenticator, message)
         self.class.onetimeauth_poly1305_verify(authenticator, message, message.bytesize, key)
       end
-
     end
   end
 end

data/lib/rbnacl/password_hash/scrypt.rb

@@ -19,16 +19,14 @@ module RbNaCl
       extend Sodium
 
       begin
-        sodium_type      :pwhash
+        sodium_type :pwhash
         sodium_primitive :scryptsalsa208sha256
 
         sodium_constant :SALTBYTES
 
-        sodium_function  :scrypt,
-                         :crypto_pwhash_scryptsalsa208sha256,
-                         [:pointer, :ulong_long, :pointer, :ulong_long, :pointer, :ulong_long, :size_t]
-
-
+        sodium_function :scrypt,
+                        :crypto_pwhash_scryptsalsa208sha256,
+                        [:pointer, :ulong_long, :pointer, :ulong_long, :pointer, :ulong_long, :size_t]
 
         # Create a new SCrypt password hash object
         #
@@ -38,11 +36,12 @@ module RbNaCl
         # @return [RbNaCl::PasswordHash::SCrypt] An SCrypt password hasher object
         def initialize(opslimit, memlimit, digest_size = 64)
           # TODO: sanity check these parameters
-          @opslimit, @memlimit = opslimit, memlimit
+          @opslimit = opslimit
+          @memlimit = memlimit
 
           # TODO: check digest size validity
-          #raise LengthError, "digest size too short" if @digest_size < BYTES_MIN
-          #raise LengthError, "digest size too long"  if @digest_size > BYTES_MAX
+          # raise LengthError, "digest size too short" if @digest_size < BYTES_MIN
+          # raise LengthError, "digest size too long"  if @digest_size > BYTES_MAX
 
           @digest_size = digest_size
         end
@@ -57,11 +56,11 @@ module RbNaCl
           digest = Util.zeros(@digest_size)
           salt   = Util.check_string(salt, SALTBYTES, "salt")
 
-          self.class.scrypt(digest, @digest_size, password, password.bytesize, salt, @opslimit, @memlimit) || raise(CryptoError, "scrypt failed!")
+          self.class.scrypt(digest, @digest_size, password, password.bytesize, salt, @opslimit, @memlimit) || fail(CryptoError, "scrypt failed!")
           digest
         end
       rescue FFI::NotFoundError
-        def initialize(opslimit, memlimit, digest_size = 64)
+        def initialize(_opslimit, _memlimit, _digest_size = 64)
           raise NotImplementedError, "scrypt not implemented in this version of libsodium"
         end
       end

data/lib/rbnacl/random.rb

@@ -1,4 +1,4 @@
-require 'thread'
+require "thread"
 
 # encoding: binary
 module RbNaCl
@@ -19,7 +19,7 @@ module RbNaCl
     # @param [Integer] n number of random bytes desired
     #
     # @return [String] random bytes.
-    def self.random_bytes(n=32)
+    def self.random_bytes(n = 32)
       buf = RbNaCl::Util.zeros(n)
       @mutex.synchronize { c_random_bytes(buf, n) }
       buf

data/lib/rbnacl/secret_boxes/xsalsa20poly1305.rb

@@ -20,12 +20,12 @@ module RbNaCl
     class XSalsa20Poly1305
       extend Sodium
 
-      sodium_type      :secretbox
+      sodium_type :secretbox
       sodium_primitive :xsalsa20poly1305
-      sodium_constant  :KEYBYTES
-      sodium_constant  :NONCEBYTES
-      sodium_constant  :ZEROBYTES
-      sodium_constant  :BOXZEROBYTES
+      sodium_constant :KEYBYTES
+      sodium_constant :NONCEBYTES
+      sodium_constant :ZEROBYTES
+      sodium_constant :BOXZEROBYTES
 
       sodium_function :secretbox_xsalsa20poly1305,
                       :crypto_secretbox_xsalsa20poly1305,
@@ -67,10 +67,12 @@ module RbNaCl
         msg = Util.prepend_zeros(ZEROBYTES, message)
         ct  = Util.zeros(msg.bytesize)
 
-        self.class.secretbox_xsalsa20poly1305(ct, msg, msg.bytesize, nonce, @key) || raise(CryptoError, "Encryption failed")
+        success = self.class.secretbox_xsalsa20poly1305(ct, msg, msg.bytesize, nonce, @key)
+        fail CryptoError, "Encryption failed" unless success
+
         Util.remove_zeros(BOXZEROBYTES, ct)
       end
-      alias encrypt box
+      alias_method :encrypt, :box
 
       # Decrypts a ciphertext
       #
@@ -91,35 +93,47 @@ module RbNaCl
         ct = Util.prepend_zeros(BOXZEROBYTES, ciphertext)
         message  = Util.zeros(ct.bytesize)
 
-        self.class.secretbox_xsalsa20poly1305_open(message, ct, ct.bytesize, nonce, @key) || raise(CryptoError, "Decryption failed. Ciphertext failed verification.")
+        success = self.class.secretbox_xsalsa20poly1305_open(message, ct, ct.bytesize, nonce, @key)
+        fail CryptoError, "Decryption failed. Ciphertext failed verification." unless success
+
         Util.remove_zeros(ZEROBYTES, message)
       end
-      alias decrypt open
+      alias_method :decrypt, :open
 
       # The crypto primitive for the SecretBox instance
       #
       # @return [Symbol] The primitive used
-      def primitive; self.class.primitive; end
+      def primitive
+        self.class.primitive
+      end
 
       # The nonce bytes for the SecretBox class
       #
       # @return [Integer] The number of bytes in a valid nonce
-      def self.nonce_bytes; NONCEBYTES; end
+      def self.nonce_bytes
+        NONCEBYTES
+      end
 
       # The nonce bytes for the SecretBox instance
       #
       # @return [Integer] The number of bytes in a valid nonce
-      def nonce_bytes; NONCEBYTES; end
+      def nonce_bytes
+        NONCEBYTES
+      end
 
       # The key bytes for the SecretBox class
       #
       # @return [Integer] The number of bytes in a valid key
-      def self.key_bytes; KEYBYTES; end
+      def self.key_bytes
+        KEYBYTES
+      end
 
       # The key bytes for the SecretBox instance
       #
       # @return [Integer] The number of bytes in a valid key
-      def key_bytes; KEYBYTES; end
+      def key_bytes
+        KEYBYTES
+      end
     end
   end
 end

data/lib/rbnacl/self_test.rb

@@ -2,14 +2,16 @@
 
 start = Time.now if $DEBUG
 
+# NaCl/libsodium for Ruby
 module RbNaCl
   class SelfTestFailure < RbNaCl::CryptoError; end
 
+  # Self-test performed at startup
   module SelfTest
     module_function
 
     def vector(name)
-      [TestVectors[name]].pack("H*")
+      [TEST_VECTORS[name]].pack("H*")
     end
 
     def box_test
@@ -30,27 +32,18 @@ module RbNaCl
       message    = vector :box_message
       ciphertext = vector :box_ciphertext
 
-      unless box.encrypt(nonce, message) == ciphertext
-        #:nocov:
-        raise SelfTestFailure, "failed to generate correct ciphertext"
-        #:nocov:
-      end
-
-      unless box.decrypt(nonce, ciphertext) == message
-        #:nocov:
-        raise SelfTestFailure, "failed to decrypt ciphertext correctly"
-        #:nocov:
-      end
+      fail SelfTestFailure, "failed to generate correct ciphertext" unless box.encrypt(nonce, message) == ciphertext
+      fail SelfTestFailure, "failed to decrypt ciphertext correctly" unless box.decrypt(nonce, ciphertext) == message
 
       begin
         passed         = false
         corrupt_ct     = ciphertext.dup
-        corrupt_ct[23] = ' '
+        corrupt_ct[23] = " "
         box.decrypt(nonce, corrupt_ct)
       rescue CryptoError
         passed = true
       ensure
-        passed or raise SelfTestFailure, "failed to detect corrupt ciphertext"
+        passed || fail(SelfTestFailure, "failed to detect corrupt ciphertext")
       end
     end
 
@@ -60,7 +53,7 @@ module RbNaCl
 
       unless verify_key.to_s == vector(:sign_public)
         #:nocov:
-        raise SelfTestFailure, "failed to generate verify key correctly"
+        fail SelfTestFailure, "failed to generate verify key correctly"
         #:nocov:
       end
 
@@ -69,24 +62,24 @@ module RbNaCl
 
       unless signature == vector(:sign_signature)
         #:nocov:
-        raise SelfTestFailure, "failed to generate correct signature"
+        fail SelfTestFailure, "failed to generate correct signature"
         #:nocov:
       end
 
       unless verify_key.verify(signature, message)
         #:nocov:
-        raise SelfTestFailure, "failed to verify a valid signature"
+        fail SelfTestFailure, "failed to verify a valid signature"
         #:nocov:
       end
 
       begin
         passed         = false
-        bad_signature = signature[0,63] + '0'
+        bad_signature = signature[0, 63] + "0"
         verify_key.verify(bad_signature, message)
       rescue CryptoError
         passed = true
       ensure
-        passed or raise SelfTestFailure, "failed to detect corrupt ciphertext"
+        passed || fail(SelfTestFailure, "failed to detect corrupt ciphertext")
       end
     end
 
@@ -94,11 +87,7 @@ module RbNaCl
       message = vector :sha256_message
       digest  = vector :sha256_digest
 
-      unless RbNaCl::Hash.sha256(message) == digest
-        #:nocov:
-        raise SelfTestFailure, "failed to generate a correct SHA256 digest"
-        #:nocov:
-      end
+      fail SelfTestFailure, "failed to generate a correct SHA256 digest" unless RbNaCl::Hash.sha256(message) == digest
     end
 
     def hmac_test(klass, tag)
@@ -106,25 +95,16 @@ module RbNaCl
 
       message = vector :auth_message
 
-      unless authenticator.auth(message) == vector(tag)
-        #:nocov:
-        raise SelfTestFailure, "#{klass} failed to generate correct authentication tag"
-        #:nocov:
-      end
-
-      unless authenticator.verify(vector(tag), message)
-        #:nocov:
-        raise SelfTestFailure, "#{klass} failed to verify correct authentication tag"
-        #:nocov:
-      end
+      fail SelfTestFailure, "#{klass} failed to generate correct authentication tag" unless authenticator.auth(message) == vector(tag)
+      fail SelfTestFailure, "#{klass} failed to verify correct authentication tag" unless authenticator.verify(vector(tag), message)
 
       begin
         passed         = false
-        authenticator.verify(vector(tag), message + ' ')
+        authenticator.verify(vector(tag), message + " ")
       rescue CryptoError
         passed = true
       ensure
-        passed or raise SelfTestFailure, "failed to detect corrupt ciphertext"
+        passed || fail(SelfTestFailure, "failed to detect corrupt ciphertext")
       end
     end
   end