rbnacl 3.2.0 → 3.3.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: d579b906e40df02d066ed657b294a03258e973c1
4
- data.tar.gz: efa52b89d6fa69c64e353bba805b54da1e4cd75e
3
+ metadata.gz: ee6ee0f334ee9f46c4ec0bc6fd5c82666780740c
4
+ data.tar.gz: 26c902ffe1a46d82e0ee822dff3b03ef7a00aae7
5
5
  SHA512:
6
- metadata.gz: bc23cabab38ee76841891e5f8ea39c864e2d3053ba70b2b27bce1a4f4699a9260ae20dba5134ecc5eb0264b4d177aae56938aaba8cf94ce20831cf99b3147f81
7
- data.tar.gz: c5a70483933ff229e6ef2732d94032a95762c82e37c4fab8d02e551e2b4fc55db1e8706f67ee964d21ccd3f9a40bdc7454473891a1d982bd6479fef24b85e47f
6
+ metadata.gz: 59b17731059eb1eed48984fb657af152eead63527e91840c17cee5114cd9ac579edd0427a1a2dcc3b846714beeecd66739926c9089663d75901d59468e969eef
7
+ data.tar.gz: 04ce82d844ae5fdf10c634275db80e56aba13391f9f1364d306b1119ba646b4eff875377b6c94ed05dc9682f935ee8a9db3fc0e5177b8bcb7923ed4fe88eb293
@@ -2,13 +2,19 @@ script: bundle exec rake ci
2
2
 
3
3
  rvm:
4
4
  - 2.0.0
5
- - 2.1.4
6
- - 2.2.2
5
+ - 2.1.8
6
+ - 2.2.4
7
+ - 2.3.0
7
8
  - ruby-head
8
9
  - jruby
10
+ - jruby-9.0.4.0
9
11
  - jruby-head
10
12
  - rbx-2
11
13
 
14
+ env:
15
+ - LIBSODIUM_VERSION=1.0.0 # Minimum supported
16
+ - LIBSODIUM_VERSION=1.0.8 # Latest released
17
+
12
18
  matrix:
13
19
  fast_finish: true
14
20
  allow_failures:
data/CHANGES.md CHANGED
@@ -1,3 +1,13 @@
1
+ 3.3.0 (2015-12-29)
2
+ ------------------
3
+ * [#105](https://github.com/cryptosphere/rbnacl/pull/105)
4
+ Add salt/personalisation strings for Blake2b.
5
+ ([@namelessjon])
6
+
7
+ * [#128](https://github.com/cryptosphere/rbnacl/pull/128)
8
+ Remove use of Thread.exclusive when initializing library.
9
+ ([@tarcieri])
10
+
1
11
  3.2.0 (2015-05-31)
2
12
  ------------------
3
13
  * Fix method signature for blake2b
@@ -59,3 +69,6 @@
59
69
  1.0.0 (2013-03-08)
60
70
  ------------------
61
71
  * Initial release
72
+
73
+ [@namelessjon]: https://github.com/namelessjon
74
+ [@tarcieri]: https://github.com/tarcieri
data/Gemfile CHANGED
@@ -9,9 +9,5 @@ end
9
9
 
10
10
  group :test do
11
11
  gem "coveralls", require: false
12
- gem "rbnacl-libsodium"
13
- end
14
-
15
- group :development, :test do
16
- gem "rubocop"
12
+ gem "rbnacl-libsodium", ENV["LIBSODIUM_VERSION"]
17
13
  end
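Review bot: On the new line 12, ENV["LIBSODIUM_VERSION"] is nil whenever the variable is unset, so outside the CI matrix the rbnacl-libsodium requirement is left open and a local test run is not tied to either version that CI checks. Consider defaulting to the minimum supported version named in .travis.yml (1.0.0), or add a comment saying the open requirement is intended. The same hunk drops the :development, :test group that carried rubocop, and nothing visible here re-adds it, so confirm that the `rake ci` task no longer depends on it.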
data/README.md CHANGED
@@ -55,15 +55,13 @@ For more information on NaCl's goals, see Dan Bernstein's presentation
55
55
  You can use RbNaCl anywhere you can get libsodium installed (see below).
56
56
  RbNaCl is continuously integration tested on the following Ruby VMs:
57
57
 
58
- * MRI 2.0, 2.1, 2.2
59
- * JRuby 1.7 (in both 1.8/1.9 mode)
60
- * Rubinius HEAD (in both 1.8/1.9 mode)
61
-
62
- In theory Windows should be supported, although there are not yet any
63
- reports of successful Windows users.
58
+ * MRI 2.0, 2.1, 2.2, 2.3
59
+ * JRuby 1.7, 9000
64
60
 
65
61
  ## Installation
66
62
 
63
+ Note: [Windows installation instructions are available](https://github.com/cryptosphere/rbnacl/wiki/Windows-Installation).
64
+
67
65
  ### libsodium
68
66
 
69
67
  **NOTE: Want to avoid the hassle of installing libsodium? Use the
@@ -138,16 +136,6 @@ information.
138
136
  [hashes]: https://github.com/cryptosphere/rbnacl/wiki/Hash-Functions
139
137
  [rdoc]: http://rubydoc.info/github/cryptosphere/rbnacl/master/frames
140
138
 
141
- ## Security Notes
142
-
143
- NaCl itself has been expertly crafted to avoid a whole range of
144
- side-channel attacks, however the RbNaCl code itself has not been
145
- written with the same degree of expertise. While the code is
146
- straightforward it should be considered experimental until audited
147
- by professional cryptographers.
148
-
149
- That said, it's probably still a million times better than OpenSSL...
150
-
151
139
  ## Reporting Security Problems
152
140
 
153
141
  If you have discovered a bug in RbNaCl of a sensitive nature, i.e.
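Review bot: Removing the "Security Notes" section (old lines 141-150) deletes the statement that the RbNaCl binding code should be considered experimental until audited, and the 3.3.0 entry in CHANGES.md does not mention the removal. If an audit has taken place, link it here; if not, keep a one-sentence caveat near "Reporting Security Problems" so readers can still tell the review status of the binding apart from that of NaCl itself.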
@@ -207,5 +195,5 @@ Sure, here you go:
207
195
 
208
196
  ## License
209
197
 
210
- Copyright (c) 2012-14 Jonathan Stott, Tony Arcieri.
198
+ Copyright (c) 2012-2015 Jonathan Stott, Tony Arcieri.
211
199
  Distributed under the MIT License. See LICENSE.txt for further details.
@@ -85,7 +85,7 @@ module RbNaCl
85
85
  end
86
86
 
87
87
  # Select platform-optimized versions of algorithms
88
- Thread.exclusive { RbNaCl::Init.sodium_init }
88
+ RbNaCl::Init.sodium_init
89
89
 
90
90
  # Perform self test on load
91
91
  require "rbnacl/self_test" unless defined?($RBNACL_SELF_TEST) && $RBNACL_SELF_TEST == false
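Review bot: At line 88 the return value of RbNaCl::Init.sodium_init is discarded, and the Thread.exclusive guard is dropped without a comment saying why serialization is no longer needed. libsodium's sodium_init() returns -1 on failure; unless the binding in RbNaCl::Init already raises on that, check the result and raise before the self test on line 91 is loaded. A one-line comment recording why the lock is unnecessary at this point would keep the reasoning with the code rather than only in CHANGES.md.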
@@ -143,7 +143,7 @@ module RbNaCl
143
143
  def open(nonce, ciphertext)
144
144
  Util.check_length(nonce, nonce_bytes, "Nonce")
145
145
  ct = Util.prepend_zeros(BOXZEROBYTES, ciphertext)
146
- message = Util.zeros(ct.bytesize)
146
+ message = Util.zeros(ct.bytesize)
147
147
 
148
148
  success = self.class.box_curve25519xsalsa20poly1305_open_afternm(message, ct, ct.bytesize, nonce, beforenm)
149
149
  fail CryptoError, "Decryption failed. Ciphertext failed verification." unless success
@@ -21,7 +21,7 @@ module RbNaCl
21
21
  #
22
22
  # @raise [CryptoError] If the hashing fails for some reason.
23
23
  #
24
- # @return [String] The SHA-256 hash as raw bytes (Or encoded as per the second argument)
24
+ # @return [String] The SHA-256 hash digest as raw bytes
25
25
  def self.sha256(data)
26
26
  data = data.to_str
27
27
  digest = Util.zeros(SHA256::BYTES)
@@ -37,7 +37,7 @@ module RbNaCl
37
37
  #
38
38
  # @raise [CryptoError] If the hashing fails for some reason.
39
39
  #
40
- # @return [String] The SHA-512 hash as raw bytes (Or encoded as per the second argument)
40
+ # @return [String] The SHA-512 hash digest as raw bytes
41
41
  def self.sha512(data)
42
42
  digest = Util.zeros(SHA512::BYTES)
43
43
  SHA512.hash_sha512(digest, data, data.bytesize) || fail(CryptoError, "Hashing failed!")
@@ -50,12 +50,16 @@ module RbNaCl
50
50
  # This method returns a 64-byte hash by default.
51
51
  #
52
52
  # @param [String] data The data, as a collection of bytes
53
- # @option options [Fixnum] digest_size Size in bytes (1-64, default 64)
54
- # @option options [String] key 64-byte (or less) key for keyed mode
53
+ # @option options [Fixnum] digest_size Size in bytes (1-64, default 64)
54
+ # @option options [String] key 64-byte (or less) key for keyed mode
55
+ # @option options [String] salt Provide a salt to support randomised hashing.
56
+ # This is mixed into the parameters block to start the hashing.
57
+ # @option options [Personal] personal Provide personalisation string to allow pinning a hash for a particular purpose.
58
+ # This is mixed into the parameters block to start the hashing
55
59
  #
56
60
  # @raise [CryptoError] If the hashing fails for some reason.
57
61
  #
58
- # @return [String] The blake2b hash as raw bytes (Or encoded as per the second argument)
62
+ # @return [String] The Blake2b hash digest as raw bytes
59
63
  def self.blake2b(data, options = {})
60
64
  Blake2b.new(options).digest(data)
61
65
  end
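Review bot: On line 57 the YARD type for the personal option is written as [Personal], which is not a class this change defines; the value is a string like salt on line 55, so it should read [String]. The two new descriptions also differ in their trailing full stop (line 56 has one, line 58 does not).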
@@ -19,16 +19,25 @@ module RbNaCl
19
19
  sodium_constant :BYTES_MAX
20
20
  sodium_constant :KEYBYTES_MIN
21
21
  sodium_constant :KEYBYTES_MAX
22
+ sodium_constant :SALTBYTES
23
+ sodium_constant :PERSONALBYTES
22
24
 
23
- sodium_function :generichash_blake2b,
24
- :crypto_generichash_blake2b,
25
- [:pointer, :size_t, :pointer, :ulong_long, :pointer, :size_t]
25
+ sodium_function :generichash_blake2b,
26
+ :crypto_generichash_blake2b_salt_personal,
27
+ [:pointer, :size_t, :pointer, :ulong_long, :pointer, :size_t, :pointer, :pointer]
28
+
29
+ EMPTY_PERSONAL = ("\0" * PERSONALBYTES).freeze
30
+ EMPTY_SALT = ("\0" * SALTBYTES).freeze
26
31
 
27
32
  # Create a new Blake2b hash object
28
33
  #
29
34
  # @param [Hash] opts Blake2b configuration
30
35
  # @option opts [String] :key for Blake2b keyed mode
31
36
  # @option opts [Integer] :digest_size size of output digest in bytes
37
+ # @option opts [String] :salt Provide a salt to support randomised hashing.
38
+ # This is mixed into the parameters block to start the hashing.
39
+ # @option opts [Personal] :personal Provide personalisation string to allow pinning a hash for a particular purpose.
40
+ # This is mixed into the parameters block to start the hashing
32
41
  #
33
42
  # @raise [RbNaCl::LengthError] Invalid length specified for one or more options
34
43
  #
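Review bot: The option docs on lines 37-40 do not say how long :salt and :personal may be, although both are bounded by the SALTBYTES and PERSONALBYTES constants added on lines 22-23. State the limit in the @option text and tie it to the existing @raise [RbNaCl::LengthError] on line 42. [Personal] on line 39 should be [String] here as well.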
@@ -47,6 +56,12 @@ module RbNaCl
47
56
  @digest_size = opts.fetch(:digest_size, BYTES_MAX)
48
57
  fail LengthError, "digest size too short" if @digest_size < BYTES_MIN
49
58
  fail LengthError, "digest size too long" if @digest_size > BYTES_MAX
59
+
60
+ @personal = opts.fetch(:personal, EMPTY_PERSONAL)
61
+ @personal = Util.zero_pad(PERSONALBYTES, @personal)
62
+
63
+ @salt = opts.fetch(:salt, EMPTY_SALT)
64
+ @salt = Util.zero_pad(SALTBYTES, @salt)
50
65
  end
51
66
 
52
67
  # Calculate a Blake2b digest
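Review bot: Lines 61 and 64 zero-pad short :personal and :salt values, so a personalisation string and the same string followed by zero bytes yield the same parameter block and therefore the same digest. Say so in the option docs, so callers choosing purpose strings know that values differing only in trailing zero bytes are not separated, or require exact-length input instead. The options are also passed to Util.zero_pad without a type check, so a non-String value fails on bytesize rather than with a LengthError or TypeError.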
@@ -56,7 +71,8 @@ module RbNaCl
56
71
  # @return [String] Blake2b digest of the string as raw bytes
57
72
  def digest(message)
58
73
  digest = Util.zeros(@digest_size)
59
- self.class.generichash_blake2b(digest, @digest_size, message, message.bytesize, @key, @key_size) || fail(CryptoError, "Hashing failed!")
74
+ self.class.generichash_blake2b(digest, @digest_size, message, message.bytesize, @key, @key_size, @salt, @personal) ||
75
+ fail(CryptoError, "Hashing failed!")
60
76
  digest
61
77
  end
62
78
  end
@@ -91,7 +91,7 @@ module RbNaCl
91
91
  def open(nonce, ciphertext)
92
92
  Util.check_length(nonce, nonce_bytes, "Nonce")
93
93
  ct = Util.prepend_zeros(BOXZEROBYTES, ciphertext)
94
- message = Util.zeros(ct.bytesize)
94
+ message = Util.zeros(ct.bytesize)
95
95
 
96
96
  success = self.class.secretbox_xsalsa20poly1305_open(message, ct, ct.bytesize, nonce, @key)
97
97
  fail CryptoError, "Decryption failed. Ciphertext failed verification." unless success
@@ -73,7 +73,7 @@ module RbNaCl
73
73
  end
74
74
 
75
75
  begin
76
- passed = false
76
+ passed = false
77
77
  bad_signature = signature[0, 63] + "0"
78
78
  verify_key.verify(bad_signature, message)
79
79
  rescue CryptoError
@@ -99,7 +99,7 @@ module RbNaCl
99
99
  fail SelfTestFailure, "#{klass} failed to verify correct authentication tag" unless authenticator.verify(vector(tag), message)
100
100
 
101
101
  begin
102
- passed = false
102
+ passed = false
103
103
  authenticator.verify(vector(tag), message + " ")
104
104
  rescue CryptoError
105
105
  passed = true
@@ -33,36 +33,36 @@ module RbNaCl
33
33
  extend Forwardable
34
34
  def_delegators :@box, :nonce_bytes, :primitive
35
35
 
36
- # Create a new RandomNonceBox
36
+ # Create a new SimpleBox
37
37
  #
38
38
  # @param box [SecretBox, Box] the SecretBox or Box to use.
39
39
  #
40
- # @return [RandomNonceBox] Ready for use
40
+ # @return [SimpleBox] Ready for use
41
41
  def initialize(box)
42
42
  @box = box
43
43
  end
44
44
 
45
- # Use a secret key to create a RandomNonceBox
45
+ # Use a secret key to create a SimpleBox
46
46
  #
47
47
  # This is a convenience method. It takes a secret key and instantiates a
48
- # SecretBox under the hood, then returns the new RandomNonceBox.
48
+ # SecretBox under the hood, then returns the new SimpleBox.
49
49
  #
50
50
  # @param secret_key [String] The secret key, 32 bytes long.
51
51
  #
52
- # @return [RandomNonceBox] Ready for use
52
+ # @return [SimpleBox] Ready for use
53
53
  def self.from_secret_key(secret_key)
54
54
  new(SecretBox.new(secret_key))
55
55
  end
56
56
 
57
- # Use a pair of keys to create a RandomNonceBox
57
+ # Use a pair of keys to create a SimpleBox
58
58
  #
59
59
  # This is a convenience method. It takes a pair of keys and instantiates a
60
- # Box under the hood, then returns the new RandomNonceBox.
60
+ # Box under the hood, then returns the new SimpleBox.
61
61
  #
62
62
  # @param public_key [PublicKey, String] The RbNaCl public key, as class or string
63
63
  # @param private_key [PrivateKey, String] The RbNaCl private key, as class or string
64
64
  #
65
- # @return [RandomNonceBox] Ready for use
65
+ # @return [SimpleBox] Ready for use
66
66
  def self.from_keypair(public_key, private_key)
67
67
  new(Box.new(public_key, private_key))
68
68
  end
@@ -8,10 +8,10 @@ module RbNaCl
8
8
  # Curve25519 test vectors
9
9
  # Taken from the NaCl distribution
10
10
  #
11
- alice_private: "77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a",
12
- alice_public: "8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a",
13
- bob_private: "5dab087e624a8a4b79e17f8b83800ee66f3bb1292618b6fd1c2f8b27ff88e0eb",
14
- bob_public: "de9edb7d7b7dc1b4d35b61c2ece435373f8343c85b78674dadfc7e146f882b4f",
11
+ alice_private: "77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a",
12
+ alice_public: "8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a",
13
+ bob_private: "5dab087e624a8a4b79e17f8b83800ee66f3bb1292618b6fd1c2f8b27ff88e0eb",
14
+ bob_public: "de9edb7d7b7dc1b4d35b61c2ece435373f8343c85b78674dadfc7e146f882b4f",
15
15
  alice_mult_bob: "4a5d9d5ba4ce2de1728e3bf480350f25e07e21c947d19e3376f09b3c1e161742",
16
16
 
17
17
  #
@@ -36,13 +36,13 @@ module RbNaCl
36
36
  # Ed25519 test vectors
37
37
  # Taken from the Python test vectors: http://ed25519.cr.yp.to/python/sign.input
38
38
  #
39
- sign_private: "b18e1d0045995ec3d010c387ccfeb984d783af8fbb0f40fa7db126d889f6dadd",
40
- sign_public: "77f48b59caeda77751ed138b0ec667ff50f8768c25d48309a8f386a2bad187fb",
41
- sign_message: "916c7d1d268fc0e77c1bef238432573c39be577bbea0998936add2b50a653171" \
42
- "ce18a542b0b7f96c1691a3be6031522894a8634183eda38798a0c5d5d79fbd01" \
43
- "dd04a8646d71873b77b221998a81922d8105f892316369d5224c9983372d2313" \
44
- "c6b1f4556ea26ba49d46e8b561e0fc76633ac9766e68e21fba7edca93c4c7460" \
45
- "376d7f3ac22ff372c18f613f2ae2e856af40",
39
+ sign_private: "b18e1d0045995ec3d010c387ccfeb984d783af8fbb0f40fa7db126d889f6dadd",
40
+ sign_public: "77f48b59caeda77751ed138b0ec667ff50f8768c25d48309a8f386a2bad187fb",
41
+ sign_message: "916c7d1d268fc0e77c1bef238432573c39be577bbea0998936add2b50a653171" \
42
+ "ce18a542b0b7f96c1691a3be6031522894a8634183eda38798a0c5d5d79fbd01" \
43
+ "dd04a8646d71873b77b221998a81922d8105f892316369d5224c9983372d2313" \
44
+ "c6b1f4556ea26ba49d46e8b561e0fc76633ac9766e68e21fba7edca93c4c7460" \
45
+ "376d7f3ac22ff372c18f613f2ae2e856af40",
46
46
  sign_signature: "6bd710a368c1249923fc7a1610747403040f0cc30815a00f9ff548a896bbda0b" \
47
47
  "4eb2ca19ebcf917f0f34200a9edbad3901b64ab09cc5ef7b9bcc3c40c0ff7509",
48
48
 
@@ -50,66 +50,87 @@ module RbNaCl
50
50
  # SHA256 test vectors
51
51
  # Taken from the NSRL test vectors: http://www.nsrl.nist.gov/testdata/
52
52
  sha256_message: "6162636462636465636465666465666765666768666768696768696a68696a6b" \
53
- "696a6b6c6a6b6c6d6b6c6d6e6c6d6e6f6d6e6f706e6f7071",
54
- sha256_digest: "248d6a61d20638b8e5c026930c3e6039a33ce45964ff2167f6ecedd419db06c1",
55
- sha256_empty: "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
53
+ "696a6b6c6a6b6c6d6b6c6d6e6c6d6e6f6d6e6f706e6f7071",
54
+ sha256_digest: "248d6a61d20638b8e5c026930c3e6039a33ce45964ff2167f6ecedd419db06c1",
55
+ sha256_empty: "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
56
56
 
57
57
  #
58
58
  # SHA512 test vectors
59
59
  # self-created (FIXME: find standard test vectors)
60
60
  sha512_message: "54686520717569636b2062726f776e20666f78206a756d7073206f7665722074" \
61
- "6865206c617a7920646f672e",
62
- sha512_digest: "91ea1245f20d46ae9a037a989f54f1f790f0a47607eeb8a14d12890cea77a1bb" \
63
- "c6c7ed9cf205e67b7f2b8fd4c7dfd3a7a8617e45f3c463d481c7e586c39ac1ed",
64
- sha512_empty: "cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce" \
65
- "47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e",
61
+ "6865206c617a7920646f672e",
62
+ sha512_digest: "91ea1245f20d46ae9a037a989f54f1f790f0a47607eeb8a14d12890cea77a1bb" \
63
+ "c6c7ed9cf205e67b7f2b8fd4c7dfd3a7a8617e45f3c463d481c7e586c39ac1ed",
64
+ sha512_empty: "cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce" \
65
+ "47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e",
66
66
 
67
67
  # Blake2b test vectors
68
68
  # self-created? (TODO: double check, fix)
69
69
  blake2b_message: "54686520717569636b2062726f776e20666f78206a756d7073206f7665722074" \
70
- "6865206c617a7920646f67",
71
- blake2b_digest: "a8add4bdddfd93e4877d2746e62817b116364a1fa7bc148d95090bc7333b3673" \
72
- "f82401cf7aa2e4cb1ecd90296e3f14cb5413f8ed77be73045b13914cdcd6a918",
73
- blake2b_empty: "786a02f742015903c6c6fd852552d272912f4740e15847618a86e217f71f5419" \
74
- "d25e1031afee585313896444934eb04b903a685b1448b755d56f701afe9be2ce",
70
+ "6865206c617a7920646f67",
71
+ blake2b_digest: "a8add4bdddfd93e4877d2746e62817b116364a1fa7bc148d95090bc7333b3673" \
72
+ "f82401cf7aa2e4cb1ecd90296e3f14cb5413f8ed77be73045b13914cdcd6a918",
73
+ blake2b_empty: "786a02f742015903c6c6fd852552d272912f4740e15847618a86e217f71f5419" \
74
+ "d25e1031afee585313896444934eb04b903a685b1448b755d56f701afe9be2ce",
75
75
 
76
76
  # from the Blake2 paper(?) (TODO: double check)
77
77
  blake2b_keyed_message: "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f" \
78
- "202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f" \
79
- "404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f" \
80
- "606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f" \
81
- "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f" \
82
- "a0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebf" \
83
- "c0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedf" \
84
- "e0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfe",
85
- blake2b_key: "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f" \
86
- "202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f",
87
- blake2b_keyed_digest: "142709d62e28fcccd0af97fad0f8465b971e82201dc51070faa0372aa43e9248" \
88
- "4be1c1e73ba10906d5d1853db6a4106e0a7bf9800d373d6dee2d46d62ef2a461",
78
+ "202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f" \
79
+ "404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f" \
80
+ "606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f" \
81
+ "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f" \
82
+ "a0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebf" \
83
+ "c0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedf" \
84
+ "e0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfe",
85
+ blake2b_key: "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f" \
86
+ "202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f",
87
+ blake2b_keyed_digest: "142709d62e28fcccd0af97fad0f8465b971e82201dc51070faa0372aa43e9248" \
88
+ "4be1c1e73ba10906d5d1853db6a4106e0a7bf9800d373d6dee2d46d62ef2a461",
89
+
90
+ # Generated using the blake2 reference code
91
+ blake2b_personal: "000102030405060708090a0b0c0d0e0f",
92
+
93
+ blake2b_personal_digest: "7c86d3f929c9ac7f08c7940095da7c1cad2cf29db2e7a25fb05d99163e587cbd" \
94
+ "f3564e8ce727b734a0559ee76f6ff5aeebd4e1e8872f1829174c9b1a9dab80e3",
95
+
96
+ blake2b_salt: "000102030405060708090a0b0c0d0e0f",
97
+
98
+ blake2b_salt_digest: "16e2e2cfb97e6061bccf2fcc1e605e117dee806c959ef2ad01249d4d12ce98cb" \
99
+ "c993f400003ba57449f60a7b071ffdaff9c0acb16891a01a9b397ffe89db96bb",
100
+
101
+ blake2b_personal_short: "0001020304050607",
102
+
103
+ blake2b_personal_short_digest: "41b984967f852308710a6042d25f5faf4a84900b2001039075dab13aecfab7c8" \
104
+ "40def9506326563fbb355b3da629181d97d2556e4624711d68f8f655b7cbb435",
105
+
106
+ blake2b_salt_short: "0001020304050607",
107
+
108
+ blake2b_salt_short_digest: "873f35a1ca28febc872d6f842a8cd23136f3a2c22c19e8f0dac4cc704ced3371"\
109
+ "abe5105f65d344cd48bad8aba755620f63f1e0b35ae4439bf871ffe72485a309",
89
110
 
90
111
  # scrypt test vectors
91
112
  # Taken from http://tools.ietf.org/html/draft-josefsson-scrypt-kdf-01#page-14
92
113
  scrypt_password: "4a857e2ee8aa9b6056f2424e84d24a72473378906ee04a46cb05311502d5250b" \
93
- "82ad86b83c8f20a23dbb74f6da60b0b6ecffd67134d45946ac8ebfb3064294bc" \
94
- "097d43ced68642bfb8bbbdd0f50b30118f5e",
95
- scrypt_salt: "39d82eef32010b8b79cc5ba88ed539fbaba741100f2edbeca7cc171ffeabf258",
114
+ "82ad86b83c8f20a23dbb74f6da60b0b6ecffd67134d45946ac8ebfb3064294bc" \
115
+ "097d43ced68642bfb8bbbdd0f50b30118f5e",
116
+ scrypt_salt: "39d82eef32010b8b79cc5ba88ed539fbaba741100f2edbeca7cc171ffeabf258",
96
117
  scrypt_opslimit: 758_010,
97
118
  scrypt_memlimit: 5_432_947,
98
- scrypt_digest: "bcc5c2fd785e4781d1201ed43d84925537e2a540d3de55f5812f29e9dd0a4a00" \
99
- "451a5c8ddbb4862c03d45c75bf91b7fb49265feb667ad5c899fdbf2ca19eac67",
119
+ scrypt_digest: "bcc5c2fd785e4781d1201ed43d84925537e2a540d3de55f5812f29e9dd0a4a00" \
120
+ "451a5c8ddbb4862c03d45c75bf91b7fb49265feb667ad5c899fdbf2ca19eac67",
100
121
 
101
122
  # Auth test vectors
102
123
  # Taken from NaCl distribution
103
124
  #
104
- auth_key: "eea6a7251c1e72916d11c2cb214d3c252539121d8e234e652d651fa4c8cff880",
125
+ auth_key: "eea6a7251c1e72916d11c2cb214d3c252539121d8e234e652d651fa4c8cff880",
105
126
  auth_message: "8e993b9f48681273c29650ba32fc76ce48332ea7164d96a4476fb8c531a1186a" \
106
- "c0dfc17c98dce87b4da7f011ec48c97271d2c20f9b928fe2270d6fb863d51738" \
107
- "b48eeee314a7cc8ab932164548e526ae90224368517acfeabd6bb3732bc0e9da" \
108
- "99832b61ca01b6de56244a9e88d5f9b37973f622a43d14a6599b1f654cb45a74" \
109
- "e355a5",
127
+ "c0dfc17c98dce87b4da7f011ec48c97271d2c20f9b928fe2270d6fb863d51738" \
128
+ "b48eeee314a7cc8ab932164548e526ae90224368517acfeabd6bb3732bc0e9da" \
129
+ "99832b61ca01b6de56244a9e88d5f9b37973f622a43d14a6599b1f654cb45a74" \
130
+ "e355a5",
110
131
  auth_onetime: "f3ffc7703f9400e52a7dfb4b3d3305d9",
111
132
  # self-created (FIXME: find standard test vectors)
112
- auth_hmacsha256: "7f7b9b707e8790ca8620ff94df5e6533ddc8e994060ce310c9d7de04d44aabc3",
133
+ auth_hmacsha256: "7f7b9b707e8790ca8620ff94df5e6533ddc8e994060ce310c9d7de04d44aabc3",
113
134
  auth_hmacsha512256: "b2a31b8d4e01afcab2ee545b5caf4e3d212a99d7b3a116a97cec8e83c32e107d"
114
135
  }
115
136
  end
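Review bot: The vectors added on lines 90-109 cover salt-only and personal-only hashing, but none sets :salt and :personal together or combines either with blake2b_key, so the argument order of the eight-parameter call is only partly pinned down. Add one combined vector, and record next to "Generated using the blake2 reference code" which revision and invocation produced the values so they can be regenerated. Line 108 is also missing the space before the trailing backslash that the other continuation lines in this file have.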
@@ -47,6 +47,25 @@ module RbNaCl
47
47
  message.slice!(n, message.bytesize - n)
48
48
  end
49
49
 
50
+ # Pad a string out to n characters with zeros
51
+ #
52
+ # @param [Integer] n The length of the resulting string
53
+ # @param [String] message the message to be padded
54
+ #
55
+ # @raise [RbNaCl::LengthError] If the string is too long
56
+ #
57
+ # @return [String] A string, n bytes long
58
+ def zero_pad(n, message)
59
+ len = message.bytesize
60
+ if len == n
61
+ message
62
+ elsif len > n
63
+ fail LengthError, "String too long for zero-padding to #{n} bytes"
64
+ else
65
+ message + zeros(n - len)
66
+ end
67
+ end
68
+
50
69
  # Check the length of the passed in string
51
70
  #
52
71
  # In several places through the codebase we have to be VERY strict with
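Review bot: The comment on line 50 says the string is padded out to "n characters", but the method measures message.bytesize and appends zeros(n - len), so the unit is bytes; reword it to match the @return line on line 57. When len == n the method returns the caller's own object, while the padding branch returns a new string, so a caller that later mutates its input also mutates the stored value in the first case only; returning message.dup there would make both branches behave the same. No spec for zero_pad itself is visible in this diff.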
@@ -3,5 +3,5 @@
3
3
  # NaCl/libsodium for Ruby
4
4
  module RbNaCl
5
5
  # The library's version
6
- VERSION = "3.2.0"
6
+ VERSION = "3.3.0"
7
7
  end
@@ -11,7 +11,7 @@ Gem::Specification.new do |gem|
11
11
  gem.description = "Ruby binding to the Networking and Cryptography (NaCl) library"
12
12
  gem.summary = "The Networking and Cryptography (NaCl) library provides a high-level toolkit for building cryptographic systems and protocols"
13
13
  gem.homepage = "https://github.com/cryptosphere/rbnacl"
14
- gem.licenses = ["MIT"]
14
+ gem.licenses = ["MIT"]
15
15
 
16
16
  gem.files = `git ls-files`.split($INPUT_RECORD_SEPARATOR)
17
17
  gem.executables = gem.files.grep(%r{^bin/}).map { |f| File.basename(f) }
@@ -2,7 +2,7 @@
2
2
  require "spec_helper"
3
3
 
4
4
  RSpec.describe RbNaCl::PublicKey do
5
- let(:alicepk) { vector :alice_public }
5
+ let(:alicepk) { vector :alice_public }
6
6
 
7
7
  subject { RbNaCl::PublicKey.new(alicepk) }
8
8
 
@@ -27,4 +27,36 @@ RSpec.describe RbNaCl::Hash::Blake2b do
27
27
  expect { RbNaCl::Hash.blake2b(reference_string, key: "") }.to raise_exception
28
28
  end
29
29
  end
30
+
31
+ context "personalized" do
32
+ let(:reference_string) { vector :blake2b_message }
33
+ let(:reference_personal) { vector :blake2b_personal }
34
+ let(:reference_personal_hash) { vector :blake2b_personal_digest }
35
+ let(:reference_personal_short) { vector :blake2b_personal_short }
36
+ let(:reference_personal_short_hash) { vector :blake2b_personal_short_digest }
37
+
38
+ it "calculates personalised hashes correctly" do
39
+ expect(RbNaCl::Hash.blake2b(reference_string, personal: reference_personal)).to eq reference_personal_hash
40
+ end
41
+
42
+ it "calculates personalised hashes correctly with a short personal" do
43
+ expect(RbNaCl::Hash.blake2b(reference_string, personal: reference_personal_short)).to eq reference_personal_short_hash
44
+ end
45
+ end
46
+
47
+ context "salted" do
48
+ let(:reference_string) { vector :blake2b_message }
49
+ let(:reference_salt) { vector :blake2b_salt }
50
+ let(:reference_salt_hash) { vector :blake2b_salt_digest }
51
+ let(:reference_salt_short) { vector :blake2b_salt_short }
52
+ let(:reference_salt_short_hash) { vector :blake2b_salt_short_digest }
53
+
54
+ it "calculates saltised hashes correctly" do
55
+ expect(RbNaCl::Hash.blake2b(reference_string, salt: reference_salt)).to eq reference_salt_hash
56
+ end
57
+
58
+ it "calculates saltised hashes correctly with a short salt" do
59
+ expect(RbNaCl::Hash.blake2b(reference_string, salt: reference_salt_short)).to eq reference_salt_short_hash
60
+ end
61
+ end
30
62
  end
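Review bot: The new "personalized" and "salted" contexts (lines 31-61) only exercise the success path; add examples expecting RbNaCl::LengthError for a :salt longer than SALTBYTES and a :personal longer than PERSONALBYTES, since that is the failure mode the new zero-padding introduces. The example names say "saltised" while the context is called "salted"; "salted hashes" would be consistent.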
@@ -2,8 +2,8 @@
2
2
 
3
3
  RSpec.shared_examples "box" do
4
4
  let(:nonce) { vector :box_nonce }
5
- let(:invalid_nonce) { nonce[0, 12] } # too short!
6
- let(:invalid_nonce_long) { nonce + nonce } # too long!
5
+ let(:invalid_nonce) { nonce[0, 12] } # too short!
6
+ let(:invalid_nonce_long) { nonce + nonce } # too long!
7
7
  let(:message) { vector :box_message }
8
8
  let(:ciphertext) { vector :box_ciphertext }
9
9
  let(:nonce_error_regex) { /Nonce.*(Expected #{box.nonce_bytes})/ }
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rbnacl
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.2.0
4
+ version: 3.3.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Tony Arcieri
@@ -10,7 +10,7 @@ autorequire:
10
10
  bindir: bin
11
11
  cert_chain:
12
12
  - bascule.cert
13
- date: 2015-06-01 00:00:00.000000000 Z
13
+ date: 2015-12-30 00:00:00.000000000 Z
14
14
  dependencies:
15
15
  - !ruby/object:Gem::Dependency
16
16
  name: ffi
@@ -168,7 +168,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
168
168
  version: '0'
169
169
  requirements: []
170
170
  rubyforge_project:
171
- rubygems_version: 2.4.6
171
+ rubygems_version: 2.5.1
172
172
  signing_key:
173
173
  specification_version: 4
174
174
  summary: The Networking and Cryptography (NaCl) library provides a high-level toolkit
@@ -195,3 +195,4 @@ test_files:
195
195
  - spec/shared/key_equality.rb
196
196
  - spec/shared/serializable.rb
197
197
  - spec/spec_helper.rb
198
+ has_rdoc: