rbnacl 5.0.0 → 6.0.0
- checksums.yaml +5 -5
- data/.gitignore +1 -0
- data/.rubocop.yml +34 -12
- data/.travis.yml +16 -16
- data/CHANGES.md +37 -10
- data/Gemfile +4 -3
- data/Guardfile +2 -0
- data/LICENSE.txt +1 -1
- data/README.md +31 -21
- data/Rakefile +4 -3
- data/lib/rbnacl.rb +8 -3
- data/lib/rbnacl/aead/base.rb +3 -0
- data/lib/rbnacl/aead/chacha20poly1305_ietf.rb +2 -2
- data/lib/rbnacl/aead/chacha20poly1305_legacy.rb +2 -2
- data/lib/rbnacl/aead/xchacha20poly1305_ietf.rb +44 -0
- data/lib/rbnacl/boxes/curve25519xsalsa20poly1305.rb +6 -5
- data/lib/rbnacl/boxes/curve25519xsalsa20poly1305/private_key.rb +1 -1
- data/lib/rbnacl/group_elements/curve25519.rb +2 -1
- data/lib/rbnacl/hash/blake2b.rb +6 -4
- data/lib/rbnacl/hash/sha256.rb +1 -1
- data/lib/rbnacl/hash/sha512.rb +1 -1
- data/lib/rbnacl/hmac/sha256.rb +73 -8
- data/lib/rbnacl/hmac/sha512.rb +73 -8
- data/lib/rbnacl/hmac/sha512256.rb +71 -8
- data/lib/rbnacl/init.rb +1 -5
- data/lib/rbnacl/one_time_auths/poly1305.rb +2 -2
- data/lib/rbnacl/password_hash.rb +33 -2
- data/lib/rbnacl/password_hash/argon2.rb +37 -18
- data/lib/rbnacl/password_hash/scrypt.rb +1 -1
- data/lib/rbnacl/random.rb +1 -3
- data/lib/rbnacl/secret_boxes/xsalsa20poly1305.rb +2 -2
- data/lib/rbnacl/signatures/ed25519/signing_key.rb +2 -2
- data/lib/rbnacl/signatures/ed25519/verify_key.rb +1 -1
- data/lib/rbnacl/sodium.rb +16 -12
- data/lib/rbnacl/sodium/version.rb +3 -1
- data/lib/rbnacl/test_vectors.rb +104 -44
- data/lib/rbnacl/util.rb +92 -8
- data/lib/rbnacl/version.rb +1 -1
- data/rbnacl.gemspec +6 -7
- data/spec/rbnacl/aead/xchacha20poly1305_ietf_spec.rb +14 -0
- data/spec/rbnacl/authenticators/poly1305_spec.rb +21 -1
- data/spec/rbnacl/boxes/curve25519xsalsa20poly1305_spec.rb +18 -6
- data/spec/rbnacl/hmac/sha256_spec.rb +6 -1
- data/spec/rbnacl/hmac/sha512256_spec.rb +6 -1
- data/spec/rbnacl/hmac/sha512_spec.rb +6 -1
- data/spec/rbnacl/password_hash/argon2_spec.rb +56 -14
- data/spec/rbnacl/signatures/ed25519/signing_key_spec.rb +5 -4
- data/spec/rbnacl/util_spec.rb +63 -4
- data/spec/shared/aead.rb +33 -13
- data/spec/shared/authenticator.rb +0 -19
- data/spec/shared/box.rb +18 -6
- data/spec/shared/hmac.rb +46 -0
- data/spec/spec_helper.rb +3 -1
- metadata +22 -18
- data/.ruby-version +0 -1
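--- a/data/spec/shared/aead.rb
+++ b/data/spec/shared/aead.rb
@@ -4,11 +4,11 @@
 RSpec.shared_examples "aead" do
 let(:corrupt_ciphertext) { ciphertext.succ }
 let(:trunc_ciphertext) { ciphertext[0, 20] }
-let(:invalid_nonce) { nonce[0, nonce.bytesize/2] } # too short!
+let(:invalid_nonce) { nonce[0, nonce.bytesize / 2] } # too short!
 let(:invalid_nonce_long) { nonce + nonce } # too long!
-let(:nonce_error_regex) {
+let(:nonce_error_regex) { /Nonce.*(Expected #{aead.nonce_bytes})/ }
 let(:corrupt_ad) { ad.succ }
-let(:trunc_ad) { ad[0, ad.bytesize/2] }
+let(:trunc_ad) { ad[0, ad.bytesize / 2] }
 
 let(:aead) { described_class.new(key) }
 
@@ -36,19 +36,27 @@ RSpec.shared_examples "aead" do
 end
 
 it "raises on a short nonce" do
-expect
+expect do
+aead.encrypt(invalid_nonce, message, ad)
+end.to raise_error(RbNaCl::LengthError, nonce_error_regex)
 end
 
 it "raises on a long nonce" do
-expect
+expect do
+aead.encrypt(invalid_nonce_long, message, ad)
+end.to raise_error(RbNaCl::LengthError, nonce_error_regex)
 end
 
 it "works with an empty message" do
-expect
+expect do
+aead.encrypt(nonce, nil, ad)
+end.to_not raise_error
 end
 
 it "works with an empty additional data" do
-expect
+expect do
+aead.encrypt(nonce, message, nil)
+end.to_not raise_error
 end
 end
 
@@ -58,27 +66,39 @@ RSpec.shared_examples "aead" do
 end
 
 it "raises on a truncated message to decrypt" do
-expect
+expect do
+aead.decrypt(nonce, trunc_ciphertext, ad)
+end.to raise_error(RbNaCl::CryptoError, /Decryption failed. Ciphertext failed verification./)
 end
 
 it "raises on a corrupt ciphertext" do
-expect
+expect do
+aead.decrypt(nonce, corrupt_ciphertext, ad)
+end.to raise_error(RbNaCl::CryptoError, /Decryption failed. Ciphertext failed verification./)
 end
 
 it "raises when the additional data is truncated" do
-expect
+expect do
+aead.decrypt(nonce, ciphertext, corrupt_ad)
+end.to raise_error(RbNaCl::CryptoError, /Decryption failed. Ciphertext failed verification./)
 end
 
 it "raises when the additional data is corrupt " do
-expect
+expect do
+aead.decrypt(nonce, ciphertext, trunc_ad)
+end.to raise_error(RbNaCl::CryptoError, /Decryption failed. Ciphertext failed verification./)
 end
 
 it "raises on a short nonce" do
-expect
+expect do
+aead.decrypt(invalid_nonce, message, ad)
+end.to raise_error(RbNaCl::LengthError, nonce_error_regex)
 end
 
 it "raises on a long nonce" do
-expect
+expect do
+aead.decrypt(invalid_nonce_long, message, ad)
+end.to raise_error(RbNaCl::LengthError, nonce_error_regex)
 end
 end
 end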
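Review bot: The two additional-data decrypt examples have their fixtures crossed: the one titled "raises when the additional data is truncated" calls `aead.decrypt(nonce, ciphertext, corrupt_ad)`, and the one titled "raises when the additional data is corrupt " calls `aead.decrypt(nonce, ciphertext, trunc_ad)`. Both tamper cases still run, but a failure would be reported under the wrong name; swap the third argument so each title matches its input, and drop the trailing space in the second title. The matcher `/Decryption failed. Ciphertext failed verification./` also leaves both dots unescaped, so they match any character; `/Decryption failed\. Ciphertext failed verification\./` pins the message exactly, and the same matcher appears in spec/shared/box.rb. The removed `expect` lines are cut off on this page, so whether the crossing predates this release cannot be told from here.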
@@ -2,9 +2,6 @@
|
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
4
|
RSpec.shared_examples "authenticator" do
|
5
|
-
let(:key) { vector "auth_key_#{described_class.key_bytes}".to_sym }
|
6
|
-
let(:message) { vector :auth_message }
|
7
|
-
|
8
5
|
context ".new" do
|
9
6
|
it "accepts a key" do
|
10
7
|
expect { described_class.new(key) }.to_not raise_error
|
@@ -17,14 +14,6 @@ RSpec.shared_examples "authenticator" do
|
|
17
14
|
it "raises TypeError on a nil key" do
|
18
15
|
expect { described_class.new(nil) }.to raise_error(TypeError)
|
19
16
|
end
|
20
|
-
|
21
|
-
it "raises ArgumentError on a key which is too long" do
|
22
|
-
expect { described_class.new("\0" * described_class.key_bytes.succ) }.to raise_error(ArgumentError)
|
23
|
-
end
|
24
|
-
|
25
|
-
it "raises ArgumentError on a key which is too short" do
|
26
|
-
expect { described_class.new("\0" * described_class.key_bytes.pred) }.to raise_error(ArgumentError)
|
27
|
-
end
|
28
17
|
end
|
29
18
|
|
30
19
|
context ".auth" do
|
@@ -35,10 +24,6 @@ RSpec.shared_examples "authenticator" do
|
|
35
24
|
it "raises TypeError on a nil key" do
|
36
25
|
expect { described_class.auth(nil, message) }.to raise_error(TypeError)
|
37
26
|
end
|
38
|
-
|
39
|
-
it "raises ArgumentError on a key which is too long" do
|
40
|
-
expect { described_class.auth("\0" * described_class.key_bytes.succ, message) }.to raise_error(ArgumentError)
|
41
|
-
end
|
42
27
|
end
|
43
28
|
|
44
29
|
context ".verify" do
|
@@ -50,10 +35,6 @@ RSpec.shared_examples "authenticator" do
|
|
50
35
|
expect { described_class.verify(nil, tag, message) }.to raise_error(TypeError)
|
51
36
|
end
|
52
37
|
|
53
|
-
it "raises ArgumentError on a key which is too long" do
|
54
|
-
expect { described_class.verify("\0" * described_class.key_bytes.succ, tag, message) }.to raise_error(ArgumentError)
|
55
|
-
end
|
56
|
-
|
57
38
|
it "fails to validate an invalid authenticator" do
|
58
39
|
expect { described_class.verify(key, tag, message + "\0") }.to raise_error(RbNaCl::BadAuthenticatorError)
|
59
40
|
end
|
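--- a/data/spec/shared/box.rb
+++ b/data/spec/shared/box.rb
@@ -16,11 +16,15 @@ RSpec.shared_examples "box" do
 end
 
 it "raises on a short nonce" do
-expect
+expect do
+box.box(invalid_nonce, message)
+end.to raise_error(RbNaCl::LengthError, nonce_error_regex)
 end
 
 it "raises on a long nonce" do
-expect
+expect do
+box.box(invalid_nonce_long, message)
+end.to raise_error(RbNaCl::LengthError, nonce_error_regex)
 end
 end
 
@@ -30,19 +34,27 @@ RSpec.shared_examples "box" do
 end
 
 it "raises on a truncated message to decrypt" do
-expect
+expect do
+box.open(nonce, ciphertext[0, 64])
+end.to raise_error(RbNaCl::CryptoError, /Decryption failed. Ciphertext failed verification./)
 end
 
 it "raises on a corrupt ciphertext" do
-expect
+expect do
+box.open(nonce, corrupt_ciphertext)
+end.to raise_error(RbNaCl::CryptoError, /Decryption failed. Ciphertext failed verification./)
 end
 
 it "raises on a short nonce" do
-expect
+expect do
+box.open(invalid_nonce, message)
+end.to raise_error(RbNaCl::LengthError, nonce_error_regex)
 end
 
 it "raises on a long nonce" do
-expect
+expect do
+box.open(invalid_nonce_long, message)
+end.to raise_error(RbNaCl::LengthError, nonce_error_regex)
 end
 end
 end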
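Review bot: The decrypt-side nonce examples call `box.open(invalid_nonce, message)` and `box.open(invalid_nonce_long, message)` with the plaintext fixture, so two inputs are invalid at once and the example does not show that an otherwise valid ciphertext is rejected purely for its nonce length. Passing the ciphertext fixture, e.g. `box.open(invalid_nonce, ciphertext)`, keeps the nonce as the only bad input behind the LengthError assertion. The truncation case hard-codes `ciphertext[0, 64]`; whether 64 bytes is actually shorter than the fixture is not visible here, so a named `let(:trunc_ciphertext)` with a short comment, as spec/shared/aead.rb does, would make the intent checkable.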
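--- /dev/null
+++ b/data/spec/shared/hmac.rb
@@ -0,0 +1,46 @@
+# encoding: binary
+# frozen_string_literal: true
+
+RSpec.shared_examples "HMAC" do
+context ".new" do
+it "raises EncodingError on a key with wrong encoding" do
+expect { described_class.new(wrong_key) }.to raise_error(EncodingError)
+end
+end
+
+context ".auth" do
+it "raises EncodingError on a key with wrong encoding " do
+expect { described_class.auth(wrong_key, message) }.to raise_error(EncodingError)
+end
+end
+
+context ".verify" do
+it "raises EncodingError on a key with wrong encoding" do
+expect { described_class.verify(wrong_key, tag, message) }.to raise_error(EncodingError)
+end
+end
+
+context "Instance methods" do
+let(:authenticator) { described_class.new(key) }
+
+before(:each) { authenticator.update(message) }
+
+context "#update" do
+it "returns hexdigest when produces an authenticator" do
+expect(authenticator.update(message)).to eq mult_tag.unpack("H*").first
+end
+end
+
+context "#digest" do
+it "returns an authenticator" do
+expect(authenticator.digest).to eq tag
+end
+end
+
+context "#hexdigest" do
+it "returns hex authenticator" do
+expect(authenticator.hexdigest).to eq tag.unpack("H*").first
+end
+end
+end
+end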
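Review bot: The shared examples depend on `key`, `wrong_key`, `message`, `tag` and `mult_tag` being defined by the including spec, and nothing in the file says so; a header comment such as `# Requires lets: key, wrong_key, message, tag, mult_tag` would document that contract. In the "Instance methods" context the `before(:each)` hook already calls `authenticator.update(message)`, so the `#update` example feeds the message a second time and compares against `mult_tag`; presumably `mult_tag` is the tag over the message absorbed twice, which deserves a one-line comment next to the hook. The title "returns hexdigest when produces an authenticator" would read better as "returns the hexdigest of the data absorbed so far", and the `.auth` title carries a trailing space.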
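--- a/data/spec/spec_helper.rb
+++ b/data/spec/spec_helper.rb
@@ -9,12 +9,14 @@ Coveralls.wear!
 $RBNACL_SELF_TEST = false
 
 require "bundler/setup"
-require "rbnacl
+require "rbnacl"
+
 require "shared/box"
 require "shared/authenticator"
 require "shared/key_equality"
 require "shared/serializable"
 require "shared/aead"
+require "shared/hmac"
 
 def vector(name)
 [RbNaCl::TEST_VECTORS[name]].pack("H*")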
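--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rbnacl
 version: !ruby/object:Gem::Version
-version:
+version: 6.0.0
 platform: ruby
 authors:
 - Tony Arcieri
@@ -9,34 +9,34 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2018-11-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: ffi
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
 version: '0'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
 version: '0'
 - !ruby/object:Gem::Dependency
 name: bundler
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
 version: '0'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
 version: '0'
 description: The Networking and Cryptography (NaCl) library provides a high-level
@@ -48,13 +48,12 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- .coveralls.yml
-- .gitignore
-- .rspec
-- .rubocop.yml
-- .
-- .
-- .yardopts
+- ".coveralls.yml"
+- ".gitignore"
+- ".rspec"
+- ".rubocop.yml"
+- ".travis.yml"
+- ".yardopts"
 - CHANGES.md
 - Gemfile
 - Guardfile
@@ -69,6 +68,7 @@ files:
 - lib/rbnacl/aead/base.rb
 - lib/rbnacl/aead/chacha20poly1305_ietf.rb
 - lib/rbnacl/aead/chacha20poly1305_legacy.rb
+- lib/rbnacl/aead/xchacha20poly1305_ietf.rb
 - lib/rbnacl/auth.rb
 - lib/rbnacl/boxes/curve25519xsalsa20poly1305.rb
 - lib/rbnacl/boxes/curve25519xsalsa20poly1305/private_key.rb
@@ -103,6 +103,7 @@ files:
 - rbnacl.gemspec
 - spec/rbnacl/aead/chacha20poly1305_ietf_spec.rb
 - spec/rbnacl/aead/chacha20poly1305_legacy_spec.rb
+- spec/rbnacl/aead/xchacha20poly1305_ietf_spec.rb
 - spec/rbnacl/authenticators/poly1305_spec.rb
 - spec/rbnacl/boxes/curve25519xsalsa20poly1305/private_key_spec.rb
 - spec/rbnacl/boxes/curve25519xsalsa20poly1305/public_key_spec.rb
@@ -124,12 +125,13 @@ files:
 - spec/shared/aead.rb
 - spec/shared/authenticator.rb
 - spec/shared/box.rb
+- spec/shared/hmac.rb
 - spec/shared/key_equality.rb
 - spec/shared/serializable.rb
 - spec/spec_helper.rb
 - tasks/rspec.rake
 - tasks/rubocop.rake
-homepage: https://github.com/
+homepage: https://github.com/crypto-rb/rbnacl
 licenses:
 - MIT
 metadata: {}
@@ -139,23 +141,24 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
 version: 2.2.6
 required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.
+rubygems_version: 2.7.4
 signing_key:
 specification_version: 4
-summary: Ruby binding to the
+summary: Ruby binding to the libsodium/NaCl cryptography library
 test_files:
 - spec/rbnacl/aead/chacha20poly1305_ietf_spec.rb
 - spec/rbnacl/aead/chacha20poly1305_legacy_spec.rb
+- spec/rbnacl/aead/xchacha20poly1305_ietf_spec.rb
 - spec/rbnacl/authenticators/poly1305_spec.rb
 - spec/rbnacl/boxes/curve25519xsalsa20poly1305/private_key_spec.rb
 - spec/rbnacl/boxes/curve25519xsalsa20poly1305/public_key_spec.rb
@@ -177,6 +180,7 @@ test_files:
 - spec/shared/aead.rb
 - spec/shared/authenticator.rb
 - spec/shared/box.rb
+- spec/shared/hmac.rb
 - spec/shared/key_equality.rb
 - spec/shared/serializable.rb
 - spec/spec_helper.rb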
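--- a/data/.ruby-version
+++ /dev/null
@@ -1 +0,0 @@
-2.4.0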