rbnacl 2.0.0.pre → 2.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 2ba5a3248fe87dd5d2f784f29857ff1d7d26e631
-  data.tar.gz: b61bd66e86e6b2bce75ed52d87d0a706df5626b6
+  metadata.gz: 4868c75138fed2d13cc2c2e101961e5149a2f950
+  data.tar.gz: 9b2bc9e35ff45cf67715ae49a86f3667dff2609a
 SHA512:
-  metadata.gz: ed12ef065cb24120b4ff6329026ea69bb560736f6ae6df76534fd064fb862251f29d137b8a8506ed35be67965d610b2cd3b70196253a72da645d3001a3cb7ceb
-  data.tar.gz: ea66f56eadd856e610761ecb031b95a5163e7e99d6127b2798126fa2dbf9998bfd53fd9c6cf9d245511f3ba65d70d3af91313f7f01f19bd35a642f212a45ca12
+  metadata.gz: 6667126547e0562e40b3d653b998058a4cc2f4dab18063d636285ca957d5b3c500eac93966946bcf9989bcad24c312208edbb856b34d53391d6ce7d2eec97932
+  data.tar.gz: 4e2d2f6ac34fa25972361afa81e8d0ae1c08f6b344e3fba43cdba92790daf1b00c824b564f4c5a3a64070fb2b7a6f9698e546ede8ec9088295a43355528958cd

data.tar.gz.sig

@@ -0,0 +1,2 @@
+��aA�˥�P�$��9�~��b+;�w[!,�fƬ@Iս��a]s8�R�Fu�X|�K��va�a���! œ8���"��aŶ�K��kp�_�HĊ؜�?^n�e���b
+�I��,*����00�?=���@]�w$K6g�L)F�G��e�>u�`�W:�Z�x�ʖ��@���!Cf�q'�^���Ȏ�mX�@|�C���
%��kߑr��3���Q�O��(fUw�*��vr�R��z�_ƒ<�K��o

data/CHANGES.md

@@ -1,10 +1,22 @@
-2.0.0.pre
----------
-* ZOMG LOTS OF STUFF! We should make we get it all added to this file!
+2.0.0 (2013-11-07)
+------------------
 * Add encrypt/decrypt aliases for Crypto::RandomNonceBox
 * Rename Crypto module to RbNaCl module
 * RbNaCl::VerifyKey#verify operand order was reversed. New operand order is
   signature, message instead of message, signature
+* RbNaCL::SecretBox#open, RbNaCl::Box#open, Auth#verify and VerifyKey#verify 
+  all now raise a (descendent of) CryptoError if the check fails.  This ensures
+  failures are handled by the program.
+* RbNaCl::SecretBox, Box, etc. are all now aliases for the real implementations,
+  which are named after the primitives they provide
+* Encoders have now gone.
+* Add support for the Blake2b cryptographic hash algorithm.
+* Add checks that we have a sufficiently recent version of libsodium (0.4.3+)
+* Dropped ruby-1.8 support
+* Call the `sodium_init()` function, to select the best algorithms.
+* Fix some typos in the documentation
+* Changes in the low level binding for libsodium and removal of the NaCl module
+* Add a mutex around calls to randombytes in libsodium
 
 1.1.0 (2013-04-19)
 ------------------

data/lib/rbnacl.rb

@@ -1,6 +1,7 @@
 # encoding: binary
 require "rbnacl/version"
 require "rbnacl/sodium"
+require "rbnacl/sodium/version"
 require "rbnacl/serializable"
 require "rbnacl/key_comparator"
 require "rbnacl/auth"
@@ -11,12 +12,6 @@ require "rbnacl/test_vectors"
 require "rbnacl/init"
 
 module RbNaCl
-  REQUIRED_LIBSODIUM_VERSION = "0.4.5"
-
-  if Util.sodium_version_string < REQUIRED_LIBSODIUM_VERSION
-    raise "Sorry, you need to install libsodium #{REQUIRED_LIBSODIUM_VERSION}+. You have #{Util.sodium_version_string} installed"
-  end
-
   # Oh no, something went wrong!
   #
   # This indicates a failure in the operation of a cryptographic primitive such
@@ -39,6 +34,10 @@ module RbNaCl
   # The signature was forged or otherwise corrupt
   class BadSignatureError < CryptoError; end
 
+  # The authenticator was forged or otherwise corrupt
+  class BadAuthenticatorError < CryptoError; end
+
+
   # Public Key Encryption (Box): Curve25519XSalsa20Poly1305
   require "rbnacl/boxes/curve25519xsalsa20poly1305"
   require "rbnacl/boxes/curve25519xsalsa20poly1305/private_key"

data/lib/rbnacl/auth.rb

@@ -1,5 +1,6 @@
 # encoding: binary
 module RbNaCl
+
   # Secret Key Authenticators
   #
   # These provide a means of verifying the integrity of a message, but only
@@ -38,6 +39,9 @@ module RbNaCl
     # @param [#to_str] authenticator to be checked
     # @param [#to_str] message the message to be authenticated
     #
+    # @raise [BadAuthenticatorError] if the tag isn't valid
+    # @raise [LengthError]  if the tag is of the wrong length
+    #
     # @return [Boolean] Was it valid?
     def self.verify(key, authenticator, message)
       new(key).verify(authenticator, message)
@@ -60,11 +64,14 @@ module RbNaCl
     # @param [#to_str] authenticator to be checked
     # @param [#to_str] message the message to be authenticated
     #
+    # @raise [BadAuthenticatorError] if the tag isn't valid
+    # @raise [LengthError]  if the tag is of the wrong length
+    #
     # @return [Boolean] Was it valid?
     def verify(authenticator, message)
       auth = authenticator.to_s
-      return false unless auth.bytesize == tag_bytes
-      verify_message(auth, message)
+      Util.check_length(auth, tag_bytes, "Provided authenticator")
+      verify_message(auth, message) || raise(BadAuthenticatorError, "Invalid authenticator provided, message is corrupt")
     end
 
     # The crypto primitive for this authenticator instance

data/lib/rbnacl/hash/blake2b.rb

@@ -35,11 +35,18 @@ module RbNaCl
       # @return [RbNaCl::Hash::Blake2b] A Blake2b hasher object
       def initialize(opts = {})
         @key = opts.fetch(:key, nil)
-        @key_size = @key ? @key.bytesize : 0
-        raise LengthError, "Invalid key size" if (@key_size != 0) && (@key_size < KEYBYTES_MIN || @key_size > KEYBYTES_MAX) 
+
+        if @key
+          @key_size = @key.bytesize
+          raise LengthError, "key too short" if @key_size < KEYBYTES_MIN
+          raise LengthError, "key too long"  if @key_size > KEYBYTES_MAX
+        else
+          @key_size = 0
+        end
 
         @digest_size = opts.fetch(:digest_size, BYTES_MAX)
-        raise LengthError, "Invalid digest size" if @digest_size < BYTES_MIN || @digest_size > BYTES_MAX
+        raise LengthError, "digest size too short" if @digest_size < BYTES_MIN
+        raise LengthError, "digest size too long"  if @digest_size > BYTES_MAX
       end
 
       # Calculate a Blake2b digest

data/lib/rbnacl/random.rb

@@ -1,3 +1,5 @@
+require 'thread'
+
 # encoding: binary
 module RbNaCl
   # Functions for random number generation
@@ -7,6 +9,8 @@ module RbNaCl
   module Random
     extend Sodium
 
+    @mutex = Mutex.new
+
     sodium_function :c_random_bytes,
                     :randombytes_buf,
                     [:pointer, :ulong_long]
@@ -17,7 +21,7 @@ module RbNaCl
     # @return [String] random bytes.
     def self.random_bytes(n=32)
       buf = RbNaCl::Util.zeros(n)
-      c_random_bytes(buf, n)
+      @mutex.synchronize { c_random_bytes(buf, n) }
       buf
     end
   end

data/lib/rbnacl/self_test.rb

@@ -80,12 +80,14 @@ module RbNaCl
         #:nocov:
       end
 
-      bad_signature = signature[0,63] + '0'
-
-      unless verify_key.verify(bad_signature, message) == false
-        #:nocov:
-        raise SelfTestFailure, "failed to detect an invalid signature"
-        #:nocov:
+      begin
+        passed         = false
+        bad_signature = signature[0,63] + '0'
+        verify_key.verify(bad_signature, message)
+      rescue CryptoError
+        passed = true
+      ensure
+        passed or raise SelfTestFailure, "failed to detect corrupt ciphertext"
       end
     end
 
@@ -117,10 +119,13 @@ module RbNaCl
         #:nocov:
       end
 
-      if authenticator.verify(vector(tag), message + ' ')
-        #:nocov:
-        raise SelfTestFailure, "#{klass} failed to detect invalid authentication tag"
-        #:nocov:
+      begin
+        passed         = false
+        authenticator.verify(vector(tag), message + ' ')
+      rescue CryptoError
+        passed = true
+      ensure
+        passed or raise SelfTestFailure, "failed to detect corrupt ciphertext"
       end
     end
   end

data/lib/rbnacl/signatures/ed25519/verify_key.rb

@@ -33,9 +33,14 @@ module RbNaCl
 
         # Verify a signature for a given message
         #
+        # Raises if the signature is invalid.
+        #
         # @param signature [String] Alleged signature to be checked
         # @param message [String] Message to be authenticated
         #
+        # @raise [BadSignatureError] if the signature check fails
+        # @raise [LengthError]  if the signature is of the wrong length
+        #
         # @return [Boolean] was the signature authentic?
         def verify(signature, message)
           signature = signature.to_str
@@ -45,25 +50,7 @@ module RbNaCl
           buffer = Util.zeros(sig_and_msg.bytesize)
           buffer_len = Util.zeros(FFI::Type::LONG_LONG.size)
 
-          self.class.sign_ed25519_open(buffer, buffer_len, sig_and_msg, sig_and_msg.bytesize, @key)
-        end
-
-        # Verify a signature for a given message or raise exception
-        #
-        # "Dangerous" (but really safer) verify that raises an exception if a
-        # signature check fails. This is probably less likely to go unnoticed than
-        # an improperly checked verify, as you are forced to deal with the
-        # exception explicitly (and failing signature checks are certainly an
-        # exceptional condition!)
-        #
-        # The arguments are otherwise the same as the verify method.
-        #
-        # @param message [String] Message to be authenticated
-        # @param signature [String] Alleged signature to be checked
-        #
-        # @return [true] Will raise BadSignatureError if signature check fails
-        def verify!(message, signature)
-          verify(message, signature) or raise BadSignatureError, "signature was forged/corrupt"
+          self.class.sign_ed25519_open(buffer, buffer_len, sig_and_msg, sig_and_msg.bytesize, @key) || raise(BadSignatureError, "signature was forged/corrupt")
         end
 
         # Return the raw key in byte format

data/lib/rbnacl/sodium/version.rb

@@ -0,0 +1,23 @@
+require 'rbnacl/sodium'
+
+module RbNaCl
+  module Sodium
+    module Version
+      MINIMUM_LIBSODIUM_VERSION = "0.4.3"
+
+      extend Sodium
+      attach_function :sodium_version_string, [], :string
+
+      STRING = sodium_version_string
+      MAJOR, MINOR, PATCH = STRING.split(".").map(&:to_i)
+
+      installed_version = [MAJOR, MINOR, PATCH]
+      minimum_version   = MINIMUM_LIBSODIUM_VERSION.split(".").map(&:to_i)
+
+      case installed_version <=> minimum_version
+      when -1
+        raise "Sorry, you need to install libsodium #{MINIMUM_LIBSODIUM_VERSION}+. You have #{Version::STRING} installed"
+      end
+    end
+  end
+end

data/lib/rbnacl/util.rb

@@ -4,8 +4,6 @@ module RbNaCl
   module Util
     extend Sodium
 
-    attach_function :sodium_version_string, [], :string
-
     sodium_function :c_verify16, :crypto_verify_16, [:pointer, :pointer]
     sodium_function :c_verify32, :crypto_verify_32, [:pointer, :pointer]
     module_function

data/lib/rbnacl/version.rb

@@ -1,5 +1,5 @@
 # encoding: binary
 module RbNaCl
   # The library's version
-  VERSION = "2.0.0.pre"
+  VERSION = "2.0.0"
 end

data/rbnacl.gemspec

@@ -11,6 +11,7 @@ Gem::Specification.new do |gem|
   gem.description   = "Ruby binding to the Networking and Cryptography (NaCl) library"
   gem.summary       = "The Networking and Cryptography (NaCl) library provides a high-level toolkit for building cryptographic systems and protocols"
   gem.homepage      = "https://github.com/cryptosphere/rbnacl"
+  gem.licenses      = ["MIT"]
 
   gem.files         = `git ls-files`.split($/)
   gem.executables   = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
@@ -25,4 +26,7 @@ Gem::Specification.new do |gem|
 
   gem.add_development_dependency "rake"
   gem.add_development_dependency "rspec", ">= 2.14"
+
+  gem.signing_key = "../.sekretz/gem-private_key.pem"
+  gem.cert_chain = ["bascule.cert"]
 end

data/spec/rbnacl/hash/blake2b_spec.rb

@@ -7,11 +7,11 @@ describe RbNaCl::Hash::Blake2b do
   let(:empty_string_hash)     { vector :blake2b_empty }
 
   it "calculates the correct hash for a reference string" do
-    RbNaCl::Hash.blake2b(reference_string).should eq reference_string_hash
+    expect(RbNaCl::Hash.blake2b(reference_string)).to eq reference_string_hash
   end
 
   it "calculates the correct hash for an empty string" do
-    RbNaCl::Hash.blake2b("").should eq empty_string_hash
+    expect(RbNaCl::Hash.blake2b("")).to eq empty_string_hash
   end
 
   context "keyed" do
@@ -20,7 +20,11 @@ describe RbNaCl::Hash::Blake2b do
     let(:reference_string_hash) { vector :blake2b_keyed_digest }
 
     it "calculates keyed hashes correctly" do
-      RbNaCl::Hash.blake2b(reference_string, :key => reference_key).should eq reference_string_hash
+      expect(RbNaCl::Hash.blake2b(reference_string, key: reference_key)).to eq reference_string_hash
+    end
+
+    it "doesn't accept empty strings as a key" do
+      expect { RbNaCl::Hash.blake2b(reference_string, key: "") }.to raise_exception
     end
   end
 end

data/spec/rbnacl/signatures/ed25519/verify_key_spec.rb

@@ -13,12 +13,12 @@ describe RbNaCl::VerifyKey do
     subject.verify(signature, message).should be_true
   end
 
-  it "detects bad signatures" do
-    subject.verify(bad_signature, message).should be_false
+  it "raises when asked to verify a bad signature" do
+    expect { subject.verify(bad_signature, message) }.to raise_exception RbNaCl::BadSignatureError
   end
 
-  it "raises when asked to verify with a bang" do
-    expect { subject.verify!(bad_signature, message) }.to raise_exception RbNaCl::BadSignatureError
+  it "raises when asked to verify a short signature" do
+    expect { subject.verify(bad_signature[0,63], message) }.to raise_exception RbNaCl::LengthError
   end
 
   it "serializes to bytes" do

data/spec/shared/authenticator.rb

@@ -53,19 +53,18 @@ shared_examples "authenticator" do
     end
 
     it "fails to validate an invalid authenticator" do
-      described_class.verify(key, tag, message+"\0").should be false
+      expect { described_class.verify(key, tag, message+"\0") }.to raise_error(RbNaCl::BadAuthenticatorError)
     end
 
     it "fails to validate a short authenticator" do
-      described_class.verify(key, tag[0,tag.bytesize - 2], message).should be false
+      expect { described_class.verify(key, tag[0,tag.bytesize - 2], message) }.to raise_error(RbNaCl::LengthError)
     end
 
     it "fails to validate a long authenticator" do
-      described_class.verify(key, tag+"\0", message).should be false
+      expect { described_class.verify(key, tag+"\0", message) }.to raise_error(RbNaCl::LengthError)
     end
   end
 
-
   context "Instance methods" do
     let(:authenticator) { described_class.new(key) }
 
@@ -81,15 +80,15 @@ shared_examples "authenticator" do
       end
 
       it "fails to validate an invalid authenticator" do
-        authenticator.verify(tag, message+"\0").should be false
+        expect { authenticator.verify(tag, message+"\0") }.to raise_error(RbNaCl::BadAuthenticatorError)
       end
 
       it "fails to validate a short authenticator" do
-        authenticator.verify(tag[0,tag.bytesize - 2], message).should be false
+        expect { authenticator.verify(tag[0,tag.bytesize - 2], message) }.to raise_error(RbNaCl::LengthError)
       end
 
       it "fails to validate a long authenticator" do
-        authenticator.verify(tag+"\0", message).should be false
+        expect { authenticator.verify(tag+"\0", message) }.to raise_error(RbNaCl::LengthError)
       end
     end
   end

data/spec/spec_helper.rb

@@ -1,4 +1,5 @@
 # encoding: binary
+require 'json'
 require 'coveralls'
 Coveralls.wear!
 

metadata

@@ -1,15 +1,37 @@
 --- !ruby/object:Gem::Specification
 name: rbnacl
 version: !ruby/object:Gem::Version
-  version: 2.0.0.pre
+  version: 2.0.0
 platform: ruby
 authors:
 - Tony Arcieri
 - Jonathan Stott
 autorequire: 
 bindir: bin
-cert_chain: []
-date: 2013-10-24 00:00:00.000000000 Z
+cert_chain:
+- |
+  -----BEGIN CERTIFICATE-----
+  MIIDbDCCAlSgAwIBAgIBATANBgkqhkiG9w0BAQUFADA+MRAwDgYDVQQDDAdiYXNj
+  dWxlMRUwEwYKCZImiZPyLGQBGRYFZ21haWwxEzARBgoJkiaJk/IsZAEZFgNjb20w
+  HhcNMTMwMzA4MDYwNzA1WhcNMTQwMzA4MDYwNzA1WjA+MRAwDgYDVQQDDAdiYXNj
+  dWxlMRUwEwYKCZImiZPyLGQBGRYFZ21haWwxEzARBgoJkiaJk/IsZAEZFgNjb20w
+  ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8S9Y1eahE5w/b0P1jVbO4
+  nZbGwJGnGUTPPujZZfCXdkJu1pa8MvsU+pzgm051/yy9bWUp5eMTIjP9Qg+v92gK
+  bfjiUoVwAqISW7zD98gbXwdOgcbCjPFfdP7XmAlxbmq0/T+kYXVngfYo737SukWz
+  /3LLzfmtzBAZipJhTL3EAvlD2O2n2m/JARtxUwHjohd5199BBrSgbjKBXrbZ159F
+  rJzDZef9SLCeXbVL218C4Z4Yf3QvOAvlkBQbYZmD0jnivAvXaoylZnCgIpGUnEiA
+  C3raBW2/zMeKZC7dxygqezxwKiA/u4rxeCK3XDwYlRkF35UtAyIbIJYGODJL4MR9
+  AgMBAAGjdTBzMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgSwMB0GA1UdDgQWBBRP3DGA
+  NBCsdSMAHGzKpylnYy90ejAcBgNVHREEFTATgRFiYXNjdWxlQGdtYWlsLmNvbTAc
+  BgNVHRIEFTATgRFiYXNjdWxlQGdtYWlsLmNvbTANBgkqhkiG9w0BAQUFAAOCAQEA
+  NhP3rks+x49coXHS0vPPxXb7V0HDnuYP5R+pN1+T2Z7D4qwJKjEF4EC8mQYtwcNe
+  Qquz1t9Uxtr7i3QqjnwhNKlIVig1nikNF+FnApjYs4mwAtMHn77WOwx8wkn7ykej
+  7sF7dRE+BLgpJ88/ycnA6zsEiSQVcIMDVpiYUqUBx+MDNnq5jw5dI0Kct8vBirNA
+  QiZB6YQD1raVKUTpRubo4i0SnGpbMSxMy+YreqwNQiWG9iWCbp0JJWaOPSYTeQHe
+  3L/NVZQttSvxjd+WF6mA9yeCjpomboQMP36GRIZ30SoOVPMGvZ/+QpW52QU7mJW5
+  GzWyf92p0uscgUZVTYixjg==
+  -----END CERTIFICATE-----
+date: 2013-11-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ffi
@@ -102,6 +124,7 @@ files:
 - lib/rbnacl/signatures/ed25519/signing_key.rb
 - lib/rbnacl/signatures/ed25519/verify_key.rb
 - lib/rbnacl/sodium.rb
+- lib/rbnacl/sodium/version.rb
 - lib/rbnacl/test_vectors.rb
 - lib/rbnacl/util.rb
 - lib/rbnacl/version.rb
@@ -130,7 +153,8 @@ files:
 - tasks/ci.rake
 - tasks/rspec.rake
 homepage: https://github.com/cryptosphere/rbnacl
-licenses: []
+licenses:
+- MIT
 metadata: {}
 post_install_message: 
 rdoc_options: []
@@ -143,12 +167,12 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>'
+  - - '>='
     - !ruby/object:Gem::Version
-      version: 1.3.1
+      version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.0.6
+rubygems_version: 2.0.2
 signing_key: 
 specification_version: 4
 summary: The Networking and Cryptography (NaCl) library provides a high-level toolkit

metadata.gz.sig

@@ -0,0 +1,2 @@
+�.	�r_Q���; �|��A�;e�(�zX#�u?���ݛ�Zܻ�@c�ךk�����ɛ�ID>����ߣg�J����4
+%Wh���h�o�ҟ�����,�W�,��˥�{�tw{#�B؄k\�