rbnacl 5.0.0 → 6.0.0
- checksums.yaml +5 -5
- data/.gitignore +1 -0
- data/.rubocop.yml +34 -12
- data/.travis.yml +16 -16
- data/CHANGES.md +37 -10
- data/Gemfile +4 -3
- data/Guardfile +2 -0
- data/LICENSE.txt +1 -1
- data/README.md +31 -21
- data/Rakefile +4 -3
- data/lib/rbnacl.rb +8 -3
- data/lib/rbnacl/aead/base.rb +3 -0
- data/lib/rbnacl/aead/chacha20poly1305_ietf.rb +2 -2
- data/lib/rbnacl/aead/chacha20poly1305_legacy.rb +2 -2
- data/lib/rbnacl/aead/xchacha20poly1305_ietf.rb +44 -0
- data/lib/rbnacl/boxes/curve25519xsalsa20poly1305.rb +6 -5
- data/lib/rbnacl/boxes/curve25519xsalsa20poly1305/private_key.rb +1 -1
- data/lib/rbnacl/group_elements/curve25519.rb +2 -1
- data/lib/rbnacl/hash/blake2b.rb +6 -4
- data/lib/rbnacl/hash/sha256.rb +1 -1
- data/lib/rbnacl/hash/sha512.rb +1 -1
- data/lib/rbnacl/hmac/sha256.rb +73 -8
- data/lib/rbnacl/hmac/sha512.rb +73 -8
- data/lib/rbnacl/hmac/sha512256.rb +71 -8
- data/lib/rbnacl/init.rb +1 -5
- data/lib/rbnacl/one_time_auths/poly1305.rb +2 -2
- data/lib/rbnacl/password_hash.rb +33 -2
- data/lib/rbnacl/password_hash/argon2.rb +37 -18
- data/lib/rbnacl/password_hash/scrypt.rb +1 -1
- data/lib/rbnacl/random.rb +1 -3
- data/lib/rbnacl/secret_boxes/xsalsa20poly1305.rb +2 -2
- data/lib/rbnacl/signatures/ed25519/signing_key.rb +2 -2
- data/lib/rbnacl/signatures/ed25519/verify_key.rb +1 -1
- data/lib/rbnacl/sodium.rb +16 -12
- data/lib/rbnacl/sodium/version.rb +3 -1
- data/lib/rbnacl/test_vectors.rb +104 -44
- data/lib/rbnacl/util.rb +92 -8
- data/lib/rbnacl/version.rb +1 -1
- data/rbnacl.gemspec +6 -7
- data/spec/rbnacl/aead/xchacha20poly1305_ietf_spec.rb +14 -0
- data/spec/rbnacl/authenticators/poly1305_spec.rb +21 -1
- data/spec/rbnacl/boxes/curve25519xsalsa20poly1305_spec.rb +18 -6
- data/spec/rbnacl/hmac/sha256_spec.rb +6 -1
- data/spec/rbnacl/hmac/sha512256_spec.rb +6 -1
- data/spec/rbnacl/hmac/sha512_spec.rb +6 -1
- data/spec/rbnacl/password_hash/argon2_spec.rb +56 -14
- data/spec/rbnacl/signatures/ed25519/signing_key_spec.rb +5 -4
- data/spec/rbnacl/util_spec.rb +63 -4
- data/spec/shared/aead.rb +33 -13
- data/spec/shared/authenticator.rb +0 -19
- data/spec/shared/box.rb +18 -6
- data/spec/shared/hmac.rb +46 -0
- data/spec/spec_helper.rb +3 -1
- metadata +22 -18
- data/.ruby-version +0 -1
@@ -16,11 +16,11 @@ module RbNaCl
|
|
16
16
|
|
17
17
|
sodium_function :aead_chacha20poly1305_encrypt,
|
18
18
|
:crypto_aead_chacha20poly1305_encrypt,
|
19
|
-
[
|
19
|
+
%i[pointer pointer pointer ulong_long pointer ulong_long pointer pointer pointer]
|
20
20
|
|
21
21
|
sodium_function :aead_chacha20poly1305_decrypt,
|
22
22
|
:crypto_aead_chacha20poly1305_decrypt,
|
23
|
-
[
|
23
|
+
%i[pointer pointer pointer pointer ulong_long pointer ulong_long pointer pointer]
|
24
24
|
|
25
25
|
private
|
26
26
|
|
@@ -0,0 +1,44 @@
|
|
1
|
+
# encoding: binary
|
2
|
+
# frozen_string_literal: true
|
3
|
+
|
4
|
+
module RbNaCl
|
5
|
+
module AEAD
|
6
|
+
# This class contains wrappers for the IETF implementation of
|
7
|
+
# Authenticated Encryption with Additional Data using ChaCha20-Poly1305
|
8
|
+
class XChaCha20Poly1305IETF < RbNaCl::AEAD::Base
|
9
|
+
extend Sodium
|
10
|
+
if Sodium::Version.supported_version?("1.0.12")
|
11
|
+
sodium_type :aead
|
12
|
+
sodium_primitive :xchacha20poly1305_ietf
|
13
|
+
|
14
|
+
sodium_constant :KEYBYTES
|
15
|
+
sodium_constant :NPUBBYTES
|
16
|
+
sodium_constant :ABYTES
|
17
|
+
|
18
|
+
sodium_function :aead_xchacha20poly1305_ietf_encrypt,
|
19
|
+
:crypto_aead_xchacha20poly1305_ietf_encrypt,
|
20
|
+
%i[pointer pointer pointer ulong_long pointer ulong_long pointer pointer pointer]
|
21
|
+
|
22
|
+
sodium_function :aead_xchacha20poly1305_ietf_decrypt,
|
23
|
+
:crypto_aead_xchacha20poly1305_ietf_decrypt,
|
24
|
+
%i[pointer pointer pointer pointer ulong_long pointer ulong_long pointer pointer]
|
25
|
+
|
26
|
+
private
|
27
|
+
|
28
|
+
def do_encrypt(ciphertext, ciphertext_len, nonce, message, additional_data)
|
29
|
+
self.class.aead_xchacha20poly1305_ietf_encrypt(ciphertext, ciphertext_len,
|
30
|
+
message, data_len(message),
|
31
|
+
additional_data, data_len(additional_data),
|
32
|
+
nil, nonce, @key)
|
33
|
+
end
|
34
|
+
|
35
|
+
def do_decrypt(message, message_len, nonce, ciphertext, additional_data)
|
36
|
+
self.class.aead_xchacha20poly1305_ietf_decrypt(message, message_len, nil,
|
37
|
+
ciphertext, data_len(ciphertext),
|
38
|
+
additional_data, data_len(additional_data),
|
39
|
+
nonce, @key)
|
40
|
+
end
|
41
|
+
end
|
42
|
+
end
|
43
|
+
end
|
44
|
+
end
|
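Review bot: The class comment describes plain "ChaCha20-Poly1305", but this wrapper binds `crypto_aead_xchacha20poly1305_ietf_encrypt`/`_decrypt`, whose point is the extended nonce (`NPUBBYTES`, 24 bytes in libsodium) that makes randomly generated nonces safe; say so, e.g. `# Authenticated Encryption with Additional Data using XChaCha20-Poly1305 (IETF variant, 192-bit nonce)`. Everything in the class body is wrapped in `Sodium::Version.supported_version?("1.0.12")`, so on an older libsodium the constant still exists but has no `sodium_type`, constants or bound functions, and `XChaCha20Poly1305IETF.new(key)` presumably fails somewhere inside `RbNaCl::AEAD::Base` with an undefined-method error rather than a clear message (Base is not visible here). An `else` branch whose `initialize(*)` raises `NotImplementedError, "XChaCha20Poly1305IETF requires libsodium >= 1.0.12"` would surface the requirement at the call site; alternatively document the minimum version in the class comment.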
@@ -18,7 +18,7 @@ module RbNaCl
|
|
18
18
|
# #=> #<RbNaCl::PrivateKey ...>
|
19
19
|
#
|
20
20
|
# # send bobkey.public_key to alice
|
21
|
-
# #
|
21
|
+
# # receive alice's public key, alicepk
|
22
22
|
# # NB: This is actually the hard part of the system. How to do it securely
|
23
23
|
# # is left as an exercise to for the reader.
|
24
24
|
# alice_pubkey = "..."
|
@@ -77,15 +77,15 @@ module RbNaCl
|
|
77
77
|
|
78
78
|
sodium_function :box_curve25519xsalsa20poly1305_beforenm,
|
79
79
|
:crypto_box_curve25519xsalsa20poly1305_beforenm,
|
80
|
-
[
|
80
|
+
%i[pointer pointer pointer]
|
81
81
|
|
82
82
|
sodium_function :box_curve25519xsalsa20poly1305_open_afternm,
|
83
83
|
:crypto_box_curve25519xsalsa20poly1305_open_afternm,
|
84
|
-
[
|
84
|
+
%i[pointer pointer ulong_long pointer pointer]
|
85
85
|
|
86
86
|
sodium_function :box_curve25519xsalsa20poly1305_afternm,
|
87
87
|
:crypto_box_curve25519xsalsa20poly1305_afternm,
|
88
|
-
[
|
88
|
+
%i[pointer pointer ulong_long pointer pointer]
|
89
89
|
|
90
90
|
# Create a new Box
|
91
91
|
#
|
@@ -180,10 +180,11 @@ module RbNaCl
|
|
180
180
|
private
|
181
181
|
|
182
182
|
def beforenm
|
183
|
-
@
|
183
|
+
@beforenm ||= begin
|
184
184
|
key = Util.zeros(BEFORENMBYTES)
|
185
185
|
success = self.class.box_curve25519xsalsa20poly1305_beforenm(key, @public_key.to_s, @private_key.to_s)
|
186
186
|
raise CryptoError, "Failed to derive shared key" unless success
|
187
|
+
|
187
188
|
key
|
188
189
|
end
|
189
190
|
end
|
@@ -24,7 +24,7 @@ module RbNaCl
|
|
24
24
|
|
25
25
|
sodium_function :box_curve25519xsalsa20poly1305_keypair,
|
26
26
|
:crypto_box_curve25519xsalsa20poly1305_keypair,
|
27
|
-
[
|
27
|
+
%i[pointer pointer]
|
28
28
|
|
29
29
|
# The size of the key, in bytes
|
30
30
|
BYTES = Boxes::Curve25519XSalsa20Poly1305::PRIVATEKEYBYTES
|
@@ -31,7 +31,7 @@ module RbNaCl
|
|
31
31
|
|
32
32
|
sodium_function :scalarmult_curve25519,
|
33
33
|
:crypto_scalarmult_curve25519,
|
34
|
-
[
|
34
|
+
%i[pointer pointer pointer]
|
35
35
|
|
36
36
|
# Number of bytes in a scalar on this curve
|
37
37
|
SCALARBYTES = 32
|
@@ -68,6 +68,7 @@ module RbNaCl
|
|
68
68
|
result = Util.zeros(SCALARBYTES)
|
69
69
|
|
70
70
|
raise CryptoError, "degenerate key detected" unless self.class.scalarmult_curve25519(result, integer, @point)
|
71
|
+
|
71
72
|
self.class.new(result)
|
72
73
|
end
|
73
74
|
|
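--- a/data/lib/rbnacl/hash/blake2b.rb
+++ b/data/lib/rbnacl/hash/blake2b.rb
@@ -26,19 +26,19 @@ module RbNaCl
 
 sodium_function :generichash_blake2b,
 :crypto_generichash_blake2b_salt_personal,
-[
+%i[pointer size_t pointer ulong_long pointer size_t pointer pointer]
 
 sodium_function :generichash_blake2b_init,
 :crypto_generichash_blake2b_init_salt_personal,
-[
+%i[pointer pointer size_t size_t pointer pointer]
 
 sodium_function :generichash_blake2b_update,
 :crypto_generichash_blake2b_update,
-[
+%i[pointer pointer ulong_long]
 
 sodium_function :generichash_blake2b_final,
 :crypto_generichash_blake2b_final,
-[
+%i[pointer pointer size_t]
 
 EMPTY_PERSONAL = ("\0" * PERSONALBYTES).freeze
 EMPTY_SALT = ("\0" * SALTBYTES).freeze
@@ -93,6 +93,7 @@ module RbNaCl
 digest_size = opts.fetch(:digest_size, BYTES_MAX)
 raise LengthError, "digest size too short" if digest_size < BYTES_MIN
 raise LengthError, "digest size too long" if digest_size > BYTES_MAX
+
 opts[:digest_size] = digest_size
 
 personal = opts.fetch(:personal, EMPTY_PERSONAL)
@@ -161,6 +162,7 @@ module RbNaCl
 def digest
 raise(CryptoError, "No message to hash yet!") unless @incycle
 return @digest if @digest
+
 @digest = Util.zeros(@digest_size)
 self.class.generichash_blake2b_final(@instate.pointer, @digest, @digest_size) ||
 raise(CryptoError, "Hash finalization failed!")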
data/lib/rbnacl/hash/sha256.rb
data/lib/rbnacl/hash/sha512.rb
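--- a/data/lib/rbnacl/hmac/sha256.rb
+++ b/data/lib/rbnacl/hmac/sha256.rb
@@ -22,23 +22,88 @@ module RbNaCl
 sodium_constant :BYTES
 sodium_constant :KEYBYTES
 
-sodium_function :
-:
-[
+sodium_function :auth_hmacsha256_init,
+:crypto_auth_hmacsha256_init,
+%i[pointer pointer size_t]
 
-sodium_function :
-:
-[
+sodium_function :auth_hmacsha256_update,
+:crypto_auth_hmacsha256_update,
+%i[pointer pointer ulong_long]
+
+sodium_function :auth_hmacsha256_final,
+:crypto_auth_hmacsha256_final,
+%i[pointer pointer]
+
+# Create instance without checking key length
+#
+# RFC 2104 HMAC
+# The key for HMAC can be of any length.
+#
+# see https://tools.ietf.org/html/rfc2104#section-3
+def initialize(key)
+@key = Util.check_hmac_key(key, "#{self.class} key")
+@state = State.new
+@authenticator = Util.zeros(tag_bytes)
+
+self.class.auth_hmacsha256_init(@state, key, key.bytesize)
+end
+
+# Compute authenticator for message
+#
+# @params [#to_str] message message to construct an authenticator for
+def update(message)
+self.class.auth_hmacsha256_update(@state, message, message.bytesize)
+self.class.auth_hmacsha256_final(@state.clone, @authenticator)
+
+hexdigest
+end
+
+# Return the authenticator, as raw bytes
+#
+# @return [String] The authenticator, as raw bytes
+def digest
+@authenticator
+end
+
+# Return the authenticator, as hex string
+#
+# @return [String] The authenticator, as hex string
+def hexdigest
+@authenticator.unpack("H*").last
+end
 
 private
 
 def compute_authenticator(authenticator, message)
-
+state = State.new
+
+self.class.auth_hmacsha256_init(state, key, key.bytesize)
+self.class.auth_hmacsha256_update(state, message, message.bytesize)
+self.class.auth_hmacsha256_final(state, authenticator)
 end
 
+# libsodium crypto_auth_hmacsha256_verify works only for 32 byte keys
+# ref: https://github.com/jedisct1/libsodium/blob/master/src/libsodium/crypto_auth/hmacsha256/auth_hmacsha256.c#L109
 def verify_message(authenticator, message)
-
+correct = Util.zeros(BYTES)
+compute_authenticator(correct, message)
+Util.verify32(correct, authenticator)
 end
 end
+
+# The crypto_auth_hmacsha256_state struct representation
+# ref: jedisct1/libsodium/src/libsodium/include/sodium/crypto_auth_hmacsha256.h
+class SHA256State < FFI::Struct
+layout :state, [:uint32, 8],
+:count, :uint64,
+:buf, [:uint8, 64]
+end
+
+# The crypto_hash_sha256_state struct representation
+# ref: jedisct1/libsodium/src/libsodium/include/sodium/crypto_hash_sha256.h
+class State < FFI::Struct
+layout :ictx, SHA256State,
+:octx, SHA256State
+end
 end
 end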
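Review bot: Counting the `end`s on the new side (indentation is lost on this page), the two struct classes at the bottom of the hunk come after `class SHA256` closes and before `module HMAC` does, so `State` is `RbNaCl::HMAC::State`, a constant the SHA-512 and SHA-512/256 files reopen with their own layout; whichever file loads last decides how many bytes `State.new` allocates for every HMAC class, and if this file's 2×104-byte layout wins, the SHA-512 classes hand `crypto_auth_hmacsha512_init` a buffer half the size it writes, which is a heap overwrite rather than a Ruby error. Nesting `SHA256State` and `State` inside `class SHA256` (or naming them `SHA256::State`) gives each class its own layout. The comments on the two structs are also swapped: the `state`/`count`/`buf` layout is `crypto_hash_sha256_state`, and the `ictx`/`octx` pair is `crypto_auth_hmacsha256_state`. Separately, `digest` returns the live `@authenticator` buffer that every `update` rewrites through `auth_hmacsha256_final`, so a tag obtained earlier changes under the caller and a caller mutating it corrupts what `hexdigest` reports next; `@authenticator.dup` is the safe return value. The class header and its `sodium_type`/`sodium_primitive` lines sit above the hunk.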
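--- a/data/lib/rbnacl/hmac/sha512.rb
+++ b/data/lib/rbnacl/hmac/sha512.rb
@@ -22,23 +22,88 @@ module RbNaCl
 sodium_constant :BYTES
 sodium_constant :KEYBYTES
 
-sodium_function :
-:
-[
+sodium_function :auth_hmacsha512_init,
+:crypto_auth_hmacsha512_init,
+%i[pointer pointer size_t]
 
-sodium_function :
-:
-[
+sodium_function :auth_hmacsha512_update,
+:crypto_auth_hmacsha512_update,
+%i[pointer pointer ulong_long]
+
+sodium_function :auth_hmacsha512_final,
+:crypto_auth_hmacsha512_final,
+%i[pointer pointer]
+
+# Create instance without checking key length
+#
+# RFC 2104 HMAC
+# The key for HMAC can be of any length.
+#
+# see https://tools.ietf.org/html/rfc2104#section-3
+def initialize(key)
+@key = Util.check_hmac_key(key, "#{self.class} key")
+@state = State.new
+@authenticator = Util.zeros(tag_bytes)
+
+self.class.auth_hmacsha512_init(@state, key, key.bytesize)
+end
+
+# Compute authenticator for message
+#
+# @params [#to_str] message message to construct an authenticator for
+def update(message)
+self.class.auth_hmacsha512_update(@state, message, message.bytesize)
+self.class.auth_hmacsha512_final(@state.clone, @authenticator)
+
+hexdigest
+end
+
+# Return the authenticator, as raw bytes
+#
+# @return [String] The authenticator, as raw bytes
+def digest
+@authenticator
+end
+
+# Return the authenticator, as hex string
+#
+# @return [String] The authenticator, as hex string
+def hexdigest
+@authenticator.unpack("H*").last
+end
 
 private
 
 def compute_authenticator(authenticator, message)
-
+state = State.new
+
+self.class.auth_hmacsha512_init(state, key, key.bytesize)
+self.class.auth_hmacsha512_update(state, message, message.bytesize)
+self.class.auth_hmacsha512_final(state, authenticator)
 end
 
+# libsodium crypto_auth_hmacsha512_verify works only for 32 byte keys
+# ref: https://github.com/jedisct1/libsodium/blob/master/src/libsodium/crypto_auth/hmacsha512/auth_hmacsha512.c#L109
 def verify_message(authenticator, message)
-
+correct = Util.zeros(BYTES)
+compute_authenticator(correct, message)
+Util.verify64(correct, authenticator)
 end
 end
+
+# The crypto_auth_hmacsha512_state struct representation
+# ref: jedisct1/libsodium/src/libsodium/include/sodium/crypto_auth_hmacsha512.h
+class SHA512State < FFI::Struct
+layout :state, [:uint64, 8],
+:count, [:uint64, 2],
+:buf, [:uint8, 128]
+end
+
+# The crypto_hash_sha512_state struct representation
+# ref: jedisct1/libsodium/src/libsodium/include/sodium/crypto_hash_sha512.h
+class State < FFI::Struct
+layout :ictx, SHA512State,
+:octx, SHA512State
+end
 end
 end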
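Review bot: As far as the `end` nesting can be read without indentation, `SHA512State` and `State` are defined after `class SHA512` closes and inside `module HMAC`, so this file reopens `RbNaCl::HMAC::State` with a 2×208-byte layout while the SHA-256 file defines the same constant at 2×104 bytes; require order then decides whether `State.new` here is big enough for `crypto_auth_hmacsha512_init`, and a too-small buffer is silent heap corruption, not an exception. Nesting both struct classes inside `class SHA512` makes the layout unambiguous. `initialize` keeps the checked `@key` but passes the raw `key` to `auth_hmacsha512_init`, and `compute_authenticator` uses `key` (presumably a base-class reader, not visible here); using `@key` in both, e.g. `self.class.auth_hmacsha512_init(@state, @key, @key.bytesize)`, keeps the streaming and one-shot paths on the same bytes, and the `# Create instance without checking key length` header should be reworded to say what `Util.check_hmac_key` actually enforces. The struct comments are swapped: `SHA512State` (`state`/`count`/`buf`) is the `crypto_hash_sha512_state` layout and `State` (`ictx`/`octx`) is `crypto_auth_hmacsha512_state`.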
@@ -22,23 +22,86 @@ module RbNaCl
|
|
22
22
|
sodium_constant :BYTES
|
23
23
|
sodium_constant :KEYBYTES
|
24
24
|
|
25
|
-
sodium_function :
|
26
|
-
:
|
27
|
-
[
|
25
|
+
sodium_function :auth_hmacsha512256_init,
|
26
|
+
:crypto_auth_hmacsha512256_init,
|
27
|
+
%i[pointer pointer size_t]
|
28
28
|
|
29
|
-
sodium_function :
|
30
|
-
:
|
31
|
-
[
|
29
|
+
sodium_function :auth_hmacsha512256_update,
|
30
|
+
:crypto_auth_hmacsha512256_update,
|
31
|
+
%i[pointer pointer ulong_long]
|
32
|
+
|
33
|
+
sodium_function :auth_hmacsha512256_final,
|
34
|
+
:crypto_auth_hmacsha512256_final,
|
35
|
+
%i[pointer pointer]
|
36
|
+
|
37
|
+
# Create instance without checking key length
|
38
|
+
#
|
39
|
+
# RFC 2104 HMAC
|
40
|
+
# The key for HMAC can be of any length.
|
41
|
+
#
|
42
|
+
# see https://tools.ietf.org/html/rfc2104#section-3
|
43
|
+
def initialize(key)
|
44
|
+
@key = Util.check_hmac_key(key, "#{self.class} key")
|
45
|
+
@state = State.new
|
46
|
+
@authenticator = Util.zeros(tag_bytes)
|
47
|
+
|
48
|
+
self.class.auth_hmacsha512256_init(@state, key, key.bytesize)
|
49
|
+
end
|
50
|
+
|
51
|
+
# Compute authenticator for message
|
52
|
+
#
|
53
|
+
# @params [#to_str] message message to construct an authenticator for
|
54
|
+
def update(message)
|
55
|
+
self.class.auth_hmacsha512256_update(@state, message, message.bytesize)
|
56
|
+
self.class.auth_hmacsha512256_final(@state.clone, @authenticator)
|
57
|
+
|
58
|
+
hexdigest
|
59
|
+
end
|
60
|
+
|
61
|
+
# Return the authenticator, as raw bytes
|
62
|
+
#
|
63
|
+
# @return [String] The authenticator, as raw bytes
|
64
|
+
def digest
|
65
|
+
@authenticator
|
66
|
+
end
|
67
|
+
|
68
|
+
# Return the authenticator, as hex string
|
69
|
+
#
|
70
|
+
# @return [String] The authenticator, as hex string
|
71
|
+
def hexdigest
|
72
|
+
@authenticator.unpack("H*").last
|
73
|
+
end
|
32
74
|
|
33
75
|
private
|
34
76
|
|
35
77
|
def compute_authenticator(authenticator, message)
|
36
|
-
|
78
|
+
state = State.new
|
79
|
+
|
80
|
+
self.class.auth_hmacsha512256_init(state, key, key.bytesize)
|
81
|
+
self.class.auth_hmacsha512256_update(state, message, message.bytesize)
|
82
|
+
self.class.auth_hmacsha512256_final(state, authenticator)
|
37
83
|
end
|
38
84
|
|
39
85
|
def verify_message(authenticator, message)
|
40
|
-
|
86
|
+
correct = Util.zeros(BYTES)
|
87
|
+
compute_authenticator(correct, message)
|
88
|
+
Util.verify32(correct, authenticator)
|
41
89
|
end
|
42
90
|
end
|
91
|
+
|
92
|
+
# The crypto_auth_hmacsha512256_state struct representation
|
93
|
+
# ref: jedisct1/libsodium/src/libsodium/include/sodium/crypto_auth_hmacsha512256.h
|
94
|
+
class SHA512256State < FFI::Struct
|
95
|
+
layout :state, [:uint64, 8],
|
96
|
+
:count, [:uint64, 2],
|
97
|
+
:buf, [:uint8, 128]
|
98
|
+
end
|
99
|
+
|
100
|
+
# The crypto_hash_sha512_state struct representation
|
101
|
+
# ref: jedisct1/libsodium/src/libsodium/include/sodium/crypto_hash_sha512.h
|
102
|
+
class State < FFI::Struct
|
103
|
+
layout :ictx, SHA512256State,
|
104
|
+
:octx, SHA512256State
|
105
|
+
end
|
43
106
|
end
|
44
107
|
end
|
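Review bot: `verify_message` here carries no comment explaining why libsodium's own verify is bypassed in favour of recomputing the tag and `Util.verify32`, unlike the SHA-256 and SHA-512 files; add `# libsodium crypto_auth_hmacsha512256_verify works only for 32 byte keys` above it so the constant-time compare is not later replaced by a call that rejects arbitrary-length keys. Judging by the `end`s (indentation is lost on this page), `SHA512256State` and `State` are defined at `module HMAC` level after `class SHA512256` closes, so `State` is the same `RbNaCl::HMAC::State` the SHA-256 and SHA-512 files also define; the last file loaded wins, and a SHA-256-sized layout would be too small for `crypto_auth_hmacsha512256_init`, so nest the structs inside the class. The two struct comments are swapped: `state`/`count`/`buf` is the `crypto_hash_sha512_state` layout (consistent with HMAC-SHA-512/256 running SHA-512 internally), and `ictx`/`octx` is `crypto_auth_hmacsha512256_state`. `digest` returns the live `@authenticator` buffer that every `update` overwrites via `auth_hmacsha512256_final`; return `@authenticator.dup` instead. The class header is above the hunk.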