rbnacl 5.0.0 → 6.0.0

data/lib/rbnacl/aead/chacha20poly1305_legacy.rb

@@ -16,11 +16,11 @@ module RbNaCl
 
       sodium_function :aead_chacha20poly1305_encrypt,
                       :crypto_aead_chacha20poly1305_encrypt,
-                      [:pointer, :pointer, :pointer, :ulong_long, :pointer, :ulong_long, :pointer, :pointer, :pointer]
+                      %i[pointer pointer pointer ulong_long pointer ulong_long pointer pointer pointer]
 
       sodium_function :aead_chacha20poly1305_decrypt,
                       :crypto_aead_chacha20poly1305_decrypt,
-                      [:pointer, :pointer, :pointer, :pointer, :ulong_long, :pointer, :ulong_long, :pointer, :pointer]
+                      %i[pointer pointer pointer pointer ulong_long pointer ulong_long pointer pointer]
 
       private
 

data/lib/rbnacl/aead/xchacha20poly1305_ietf.rb

@@ -0,0 +1,44 @@
+# encoding: binary
+# frozen_string_literal: true
+
+module RbNaCl
+  module AEAD
+    # This class contains wrappers for the IETF implementation of
+    # Authenticated Encryption with Additional Data using ChaCha20-Poly1305
+    class XChaCha20Poly1305IETF < RbNaCl::AEAD::Base
+      extend Sodium
+      if Sodium::Version.supported_version?("1.0.12")
+        sodium_type :aead
+        sodium_primitive :xchacha20poly1305_ietf
+
+        sodium_constant :KEYBYTES
+        sodium_constant :NPUBBYTES
+        sodium_constant :ABYTES
+
+        sodium_function :aead_xchacha20poly1305_ietf_encrypt,
+                        :crypto_aead_xchacha20poly1305_ietf_encrypt,
+                        %i[pointer pointer pointer ulong_long pointer ulong_long pointer pointer pointer]
+
+        sodium_function :aead_xchacha20poly1305_ietf_decrypt,
+                        :crypto_aead_xchacha20poly1305_ietf_decrypt,
+                        %i[pointer pointer pointer pointer ulong_long pointer ulong_long pointer pointer]
+
+        private
+
+        def do_encrypt(ciphertext, ciphertext_len, nonce, message, additional_data)
+          self.class.aead_xchacha20poly1305_ietf_encrypt(ciphertext, ciphertext_len,
+                                                         message, data_len(message),
+                                                         additional_data, data_len(additional_data),
+                                                         nil, nonce, @key)
+        end
+
+        def do_decrypt(message, message_len, nonce, ciphertext, additional_data)
+          self.class.aead_xchacha20poly1305_ietf_decrypt(message, message_len, nil,
+                                                         ciphertext, data_len(ciphertext),
+                                                         additional_data, data_len(additional_data),
+                                                         nonce, @key)
+        end
+      end
+    end
+  end
+end

data/lib/rbnacl/boxes/curve25519xsalsa20poly1305.rb

@@ -18,7 +18,7 @@ module RbNaCl
     #   #=> #<RbNaCl::PrivateKey ...>
     #
     #   # send bobkey.public_key to alice
-    #   # recieve alice's public key, alicepk
+    #   # receive alice's public key, alicepk
     #   # NB: This is actually the hard part of the system.  How to do it securely
     #   # is left as an exercise to for the reader.
     #   alice_pubkey = "..."
@@ -77,15 +77,15 @@ module RbNaCl
 
       sodium_function :box_curve25519xsalsa20poly1305_beforenm,
                       :crypto_box_curve25519xsalsa20poly1305_beforenm,
-                      [:pointer, :pointer, :pointer]
+                      %i[pointer pointer pointer]
 
       sodium_function :box_curve25519xsalsa20poly1305_open_afternm,
                       :crypto_box_curve25519xsalsa20poly1305_open_afternm,
-                      [:pointer, :pointer, :ulong_long, :pointer, :pointer]
+                      %i[pointer pointer ulong_long pointer pointer]
 
       sodium_function :box_curve25519xsalsa20poly1305_afternm,
                       :crypto_box_curve25519xsalsa20poly1305_afternm,
-                      [:pointer, :pointer, :ulong_long, :pointer, :pointer]
+                      %i[pointer pointer ulong_long pointer pointer]
 
       # Create a new Box
       #
@@ -180,10 +180,11 @@ module RbNaCl
       private
 
       def beforenm
-        @_key ||= begin
+        @beforenm ||= begin
           key = Util.zeros(BEFORENMBYTES)
           success = self.class.box_curve25519xsalsa20poly1305_beforenm(key, @public_key.to_s, @private_key.to_s)
           raise CryptoError, "Failed to derive shared key" unless success
+
           key
         end
       end

data/lib/rbnacl/boxes/curve25519xsalsa20poly1305/private_key.rb

@@ -24,7 +24,7 @@ module RbNaCl
 
         sodium_function  :box_curve25519xsalsa20poly1305_keypair,
                          :crypto_box_curve25519xsalsa20poly1305_keypair,
-                         [:pointer, :pointer]
+                         %i[pointer pointer]
 
         # The size of the key, in bytes
         BYTES = Boxes::Curve25519XSalsa20Poly1305::PRIVATEKEYBYTES

data/lib/rbnacl/group_elements/curve25519.rb

@@ -31,7 +31,7 @@ module RbNaCl
 
       sodium_function :scalarmult_curve25519,
                       :crypto_scalarmult_curve25519,
-                      [:pointer, :pointer, :pointer]
+                      %i[pointer pointer pointer]
 
       # Number of bytes in a scalar on this curve
       SCALARBYTES = 32
@@ -68,6 +68,7 @@ module RbNaCl
         result = Util.zeros(SCALARBYTES)
 
         raise CryptoError, "degenerate key detected" unless self.class.scalarmult_curve25519(result, integer, @point)
+
         self.class.new(result)
       end
 

data/lib/rbnacl/hash/blake2b.rb

@@ -26,19 +26,19 @@ module RbNaCl
 
       sodium_function  :generichash_blake2b,
                        :crypto_generichash_blake2b_salt_personal,
-                       [:pointer, :size_t, :pointer, :ulong_long, :pointer, :size_t, :pointer, :pointer]
+                       %i[pointer size_t pointer ulong_long pointer size_t pointer pointer]
 
       sodium_function :generichash_blake2b_init,
                       :crypto_generichash_blake2b_init_salt_personal,
-                      [:pointer, :pointer, :size_t, :size_t, :pointer, :pointer]
+                      %i[pointer pointer size_t size_t pointer pointer]
 
       sodium_function :generichash_blake2b_update,
                       :crypto_generichash_blake2b_update,
-                      [:pointer, :pointer, :ulong_long]
+                      %i[pointer pointer ulong_long]
 
       sodium_function :generichash_blake2b_final,
                       :crypto_generichash_blake2b_final,
-                      [:pointer, :pointer, :size_t]
+                      %i[pointer pointer size_t]
 
       EMPTY_PERSONAL = ("\0" * PERSONALBYTES).freeze
       EMPTY_SALT     = ("\0" * SALTBYTES).freeze
@@ -93,6 +93,7 @@ module RbNaCl
         digest_size = opts.fetch(:digest_size, BYTES_MAX)
         raise LengthError, "digest size too short" if digest_size < BYTES_MIN
         raise LengthError, "digest size too long"  if digest_size > BYTES_MAX
+
         opts[:digest_size] = digest_size
 
         personal = opts.fetch(:personal, EMPTY_PERSONAL)
@@ -161,6 +162,7 @@ module RbNaCl
       def digest
         raise(CryptoError, "No message to hash yet!") unless @incycle
         return @digest if @digest
+
         @digest = Util.zeros(@digest_size)
         self.class.generichash_blake2b_final(@instate.pointer, @digest, @digest_size) ||
           raise(CryptoError, "Hash finalization failed!")

data/lib/rbnacl/hash/sha256.rb

@@ -11,7 +11,7 @@ module RbNaCl
       sodium_constant :BYTES
       sodium_function :hash_sha256,
                       :crypto_hash_sha256,
-                      [:pointer, :pointer, :ulong_long]
+                      %i[pointer pointer ulong_long]
     end
   end
 end

data/lib/rbnacl/hash/sha512.rb

@@ -11,7 +11,7 @@ module RbNaCl
       sodium_constant :BYTES
       sodium_function :hash_sha512,
                       :crypto_hash_sha512,
-                      [:pointer, :pointer, :ulong_long]
+                      %i[pointer pointer ulong_long]
     end
   end
 end

data/lib/rbnacl/hmac/sha256.rb

@@ -22,23 +22,88 @@ module RbNaCl
       sodium_constant :BYTES
       sodium_constant :KEYBYTES
 
-      sodium_function :auth_hmacsha256,
-                      :crypto_auth_hmacsha256,
-                      [:pointer, :pointer, :ulong_long, :pointer]
+      sodium_function :auth_hmacsha256_init,
+                      :crypto_auth_hmacsha256_init,
+                      %i[pointer pointer size_t]
 
-      sodium_function :auth_hmacsha256_verify,
-                      :crypto_auth_hmacsha256_verify,
-                      [:pointer, :pointer, :ulong_long, :pointer]
+      sodium_function :auth_hmacsha256_update,
+                      :crypto_auth_hmacsha256_update,
+                      %i[pointer pointer ulong_long]
+
+      sodium_function :auth_hmacsha256_final,
+                      :crypto_auth_hmacsha256_final,
+                      %i[pointer pointer]
+
+      # Create instance without checking key length
+      #
+      # RFC 2104 HMAC
+      # The key for HMAC can be of any length.
+      #
+      # see https://tools.ietf.org/html/rfc2104#section-3
+      def initialize(key)
+        @key = Util.check_hmac_key(key, "#{self.class} key")
+        @state = State.new
+        @authenticator = Util.zeros(tag_bytes)
+
+        self.class.auth_hmacsha256_init(@state, key, key.bytesize)
+      end
+
+      # Compute authenticator for message
+      #
+      # @params [#to_str] message message to construct an authenticator for
+      def update(message)
+        self.class.auth_hmacsha256_update(@state, message, message.bytesize)
+        self.class.auth_hmacsha256_final(@state.clone, @authenticator)
+
+        hexdigest
+      end
+
+      # Return the authenticator, as raw bytes
+      #
+      # @return [String] The authenticator, as raw bytes
+      def digest
+        @authenticator
+      end
+
+      # Return the authenticator, as hex string
+      #
+      # @return [String] The authenticator, as hex string
+      def hexdigest
+        @authenticator.unpack("H*").last
+      end
 
       private
 
       def compute_authenticator(authenticator, message)
-        self.class.auth_hmacsha256(authenticator, message, message.bytesize, key)
+        state = State.new
+
+        self.class.auth_hmacsha256_init(state, key, key.bytesize)
+        self.class.auth_hmacsha256_update(state, message, message.bytesize)
+        self.class.auth_hmacsha256_final(state, authenticator)
       end
 
+      # libsodium crypto_auth_hmacsha256_verify works only for 32 byte keys
+      # ref: https://github.com/jedisct1/libsodium/blob/master/src/libsodium/crypto_auth/hmacsha256/auth_hmacsha256.c#L109
       def verify_message(authenticator, message)
-        self.class.auth_hmacsha256_verify(authenticator, message, message.bytesize, key)
+        correct = Util.zeros(BYTES)
+        compute_authenticator(correct, message)
+        Util.verify32(correct, authenticator)
       end
     end
+
+    # The crypto_auth_hmacsha256_state struct representation
+    # ref: jedisct1/libsodium/src/libsodium/include/sodium/crypto_auth_hmacsha256.h
+    class SHA256State < FFI::Struct
+      layout :state, [:uint32, 8],
+             :count, :uint64,
+             :buf, [:uint8, 64]
+    end
+
+    # The crypto_hash_sha256_state struct representation
+    # ref: jedisct1/libsodium/src/libsodium/include/sodium/crypto_hash_sha256.h
+    class State < FFI::Struct
+      layout :ictx, SHA256State,
+             :octx, SHA256State
+    end
   end
 end

data/lib/rbnacl/hmac/sha512.rb

@@ -22,23 +22,88 @@ module RbNaCl
       sodium_constant :BYTES
       sodium_constant :KEYBYTES
 
-      sodium_function :auth_hmacsha512,
-                      :crypto_auth_hmacsha512,
-                      [:pointer, :pointer, :ulong_long, :pointer]
+      sodium_function :auth_hmacsha512_init,
+                      :crypto_auth_hmacsha512_init,
+                      %i[pointer pointer size_t]
 
-      sodium_function :auth_hmacsha512_verify,
-                      :crypto_auth_hmacsha512_verify,
-                      [:pointer, :pointer, :ulong_long, :pointer]
+      sodium_function :auth_hmacsha512_update,
+                      :crypto_auth_hmacsha512_update,
+                      %i[pointer pointer ulong_long]
+
+      sodium_function :auth_hmacsha512_final,
+                      :crypto_auth_hmacsha512_final,
+                      %i[pointer pointer]
+
+      # Create instance without checking key length
+      #
+      # RFC 2104 HMAC
+      # The key for HMAC can be of any length.
+      #
+      # see https://tools.ietf.org/html/rfc2104#section-3
+      def initialize(key)
+        @key = Util.check_hmac_key(key, "#{self.class} key")
+        @state = State.new
+        @authenticator = Util.zeros(tag_bytes)
+
+        self.class.auth_hmacsha512_init(@state, key, key.bytesize)
+      end
+
+      # Compute authenticator for message
+      #
+      # @params [#to_str] message message to construct an authenticator for
+      def update(message)
+        self.class.auth_hmacsha512_update(@state, message, message.bytesize)
+        self.class.auth_hmacsha512_final(@state.clone, @authenticator)
+
+        hexdigest
+      end
+
+      # Return the authenticator, as raw bytes
+      #
+      # @return [String] The authenticator, as raw bytes
+      def digest
+        @authenticator
+      end
+
+      # Return the authenticator, as hex string
+      #
+      # @return [String] The authenticator, as hex string
+      def hexdigest
+        @authenticator.unpack("H*").last
+      end
 
       private
 
       def compute_authenticator(authenticator, message)
-        self.class.auth_hmacsha512(authenticator, message, message.bytesize, key)
+        state = State.new
+
+        self.class.auth_hmacsha512_init(state, key, key.bytesize)
+        self.class.auth_hmacsha512_update(state, message, message.bytesize)
+        self.class.auth_hmacsha512_final(state, authenticator)
       end
 
+      # libsodium crypto_auth_hmacsha512_verify works only for 32 byte keys
+      # ref: https://github.com/jedisct1/libsodium/blob/master/src/libsodium/crypto_auth/hmacsha512/auth_hmacsha512.c#L109
       def verify_message(authenticator, message)
-        self.class.auth_hmacsha512_verify(authenticator, message, message.bytesize, key)
+        correct = Util.zeros(BYTES)
+        compute_authenticator(correct, message)
+        Util.verify64(correct, authenticator)
       end
     end
+
+    # The crypto_auth_hmacsha512_state struct representation
+    # ref: jedisct1/libsodium/src/libsodium/include/sodium/crypto_auth_hmacsha512.h
+    class SHA512State < FFI::Struct
+      layout :state, [:uint64, 8],
+             :count, [:uint64, 2],
+             :buf, [:uint8, 128]
+    end
+
+    # The crypto_hash_sha512_state struct representation
+    # ref: jedisct1/libsodium/src/libsodium/include/sodium/crypto_hash_sha512.h
+    class State < FFI::Struct
+      layout :ictx, SHA512State,
+             :octx, SHA512State
+    end
   end
 end

data/lib/rbnacl/hmac/sha512256.rb

@@ -22,23 +22,86 @@ module RbNaCl
       sodium_constant :BYTES
       sodium_constant :KEYBYTES
 
-      sodium_function :auth_hmacsha512256,
-                      :crypto_auth_hmacsha512256,
-                      [:pointer, :pointer, :ulong_long, :pointer]
+      sodium_function :auth_hmacsha512256_init,
+                      :crypto_auth_hmacsha512256_init,
+                      %i[pointer pointer size_t]
 
-      sodium_function :auth_hmacsha512256_verify,
-                      :crypto_auth_hmacsha512256_verify,
-                      [:pointer, :pointer, :ulong_long, :pointer]
+      sodium_function :auth_hmacsha512256_update,
+                      :crypto_auth_hmacsha512256_update,
+                      %i[pointer pointer ulong_long]
+
+      sodium_function :auth_hmacsha512256_final,
+                      :crypto_auth_hmacsha512256_final,
+                      %i[pointer pointer]
+
+      # Create instance without checking key length
+      #
+      # RFC 2104 HMAC
+      # The key for HMAC can be of any length.
+      #
+      # see https://tools.ietf.org/html/rfc2104#section-3
+      def initialize(key)
+        @key = Util.check_hmac_key(key, "#{self.class} key")
+        @state = State.new
+        @authenticator = Util.zeros(tag_bytes)
+
+        self.class.auth_hmacsha512256_init(@state, key, key.bytesize)
+      end
+
+      # Compute authenticator for message
+      #
+      # @params [#to_str] message message to construct an authenticator for
+      def update(message)
+        self.class.auth_hmacsha512256_update(@state, message, message.bytesize)
+        self.class.auth_hmacsha512256_final(@state.clone, @authenticator)
+
+        hexdigest
+      end
+
+      # Return the authenticator, as raw bytes
+      #
+      # @return [String] The authenticator, as raw bytes
+      def digest
+        @authenticator
+      end
+
+      # Return the authenticator, as hex string
+      #
+      # @return [String] The authenticator, as hex string
+      def hexdigest
+        @authenticator.unpack("H*").last
+      end
 
       private
 
       def compute_authenticator(authenticator, message)
-        self.class.auth_hmacsha512256(authenticator, message, message.bytesize, key)
+        state = State.new
+
+        self.class.auth_hmacsha512256_init(state, key, key.bytesize)
+        self.class.auth_hmacsha512256_update(state, message, message.bytesize)
+        self.class.auth_hmacsha512256_final(state, authenticator)
       end
 
       def verify_message(authenticator, message)
-        self.class.auth_hmacsha512256_verify(authenticator, message, message.bytesize, key)
+        correct = Util.zeros(BYTES)
+        compute_authenticator(correct, message)
+        Util.verify32(correct, authenticator)
       end
     end
+
+    # The crypto_auth_hmacsha512256_state struct representation
+    # ref: jedisct1/libsodium/src/libsodium/include/sodium/crypto_auth_hmacsha512256.h
+    class SHA512256State < FFI::Struct
+      layout :state, [:uint64, 8],
+             :count, [:uint64, 2],
+             :buf, [:uint8, 128]
+    end
+
+    # The crypto_hash_sha512_state struct representation
+    # ref: jedisct1/libsodium/src/libsodium/include/sodium/crypto_hash_sha512.h
+    class State < FFI::Struct
+      layout :ictx, SHA512256State,
+             :octx, SHA512256State
+    end
   end
 end