rbnacl 3.0.1 → 3.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: b67cc643ca784918a3ac35d13c2cb942e494eab9
-  data.tar.gz: 685f56452c4193577b759c5f6c29695c156c644b
+  metadata.gz: da04c0339f10665de0880687721eb137edb0db2d
+  data.tar.gz: 4f149d92ee6701f70fa6f8715e6132357b6064fc
 SHA512:
-  metadata.gz: c3cd45824f3f0510d497f932cfb6cff78c8ec70c2f13560f39d24c6bc7e00733b7611591c18700e6e4976c54b8c8aabafda86ab91649ba6384f22595a5513134
-  data.tar.gz: e4b7f9a7ccffc5146bb5dbf4358055d6271ef52fd7bba8ca993d874496ae5e79dda972542e53446b8f14a7c1f1b54276a19c6208feda9cf05d12d9441ab9faea
+  metadata.gz: 7150574a248de534fa8f141eb891cc3db27a92988e319d55848d21f8323aa0f133416ffc5d4761c62b9d7dcaac7ef0ab70b7df2f45b42d540c857fc852b390a1
+  data.tar.gz: 08f8dfd718c3c75a436a826cc564beacb5533878f7b77d12ea0a057afc1750d421265b0c1172704e98953bece3c893926275aa991f6f86ba7d2d6ca2f85689b1

data/.travis.yml

@@ -7,14 +7,13 @@ rvm:
   - ruby-head
   - jruby
   - jruby-head
-  - rbx
-  - rbx-head
+  - rbx-2
 
 matrix:
   allow_failures:
     - rvm: ruby-head
     - rvm: jruby-head
-    - rvm: rbx-head
+    - rvm: rbx-2
 
 notifications:
   irc: "irc.freenode.org#cryptosphere"

data/CHANGES.md

@@ -1,3 +1,7 @@
+3.1.0 (2014-05-22)
+------------------
+* The scrypt password hashing function: RbNaCl::PasswordHash.scrypt
+
 3.0.1 (2014-05-12)
 ------------------
 * Load gem from RBNACL_LIBSODIUM_GEM_LIB_PATH if set. Used by rbnacl-libsodium

data/README.md

@@ -67,17 +67,17 @@ reports of successful Windows users.
 
 ### libsodium
 
-RbNaCl is implemented as a Ruby FFI binding, which is designed to bind to
-shared libraries. Unfortunately NaCl does not presently ship a shared library,
-so RbNaCl cannot take advantage of it via FFI. RbNaCl will support usage with
-the upstream NaCl once it is able to compile a shared library.
+**NOTE: Want to avoid the hassle of installing libsodium? Use the
+[rbnacl-libsodium](https://github.com/cryptosphere/rbnacl-libsodium) gem**
 
-For now, to use RbNaCl, you will need to install libsodium, a portable version
-of NaCl based upon the reference C code. Please see the libsodium project
-for information regarding installation:
+To use RbNaCl, you will need to install libsodium:
 
 https://github.com/jedisct1/libsodium
 
+For OS X users, libsodium is available via homebrew and can be installed with:
+
+    brew install libsodium
+
 For FreeBSD users, libsodium is available both via pkgng and ports.  To install
 a binary package:
 
@@ -88,10 +88,6 @@ portmaster or portupgrade), or use make as follows:
 
     cd /usr/ports/security/libsodium; make install clean
 
-For OS X users, libsodium is available via homebrew and can be installed with:
-
-    brew install libsodium
-
 ### RbNaCl gem
 
 Once you have libsodium installed, add this line to your application's Gemfile:

data/lib/rbnacl.rb

@@ -63,6 +63,10 @@ module RbNaCl
   require "rbnacl/hash/sha512"
   require "rbnacl/hash/blake2b"
 
+  # Password hash function: scrypt
+  require "rbnacl/password_hash"
+  require "rbnacl/password_hash/scrypt"
+
   # HMAC: SHA256 and SHA512256
   require "rbnacl/hmac/sha256"
   require "rbnacl/hmac/sha512256"

data/lib/rbnacl/password_hash.rb

@@ -0,0 +1,39 @@
+# encoding: binary
+module RbNaCl
+  # Password hashing functions
+  #
+  # These hash functions are designed specifically for the purposes of securely
+  # storing passwords in a way that they can be checked against a supplied
+  # password but an attacker who obtains a hash cannot easily reverse them back
+  # into the original password.
+  #
+  # Unlike normal hash functions, which are intentionally designed to hash data
+  # as quickly as they can while remaining secure, password hashing functions
+  # are intentionally designed to be slow so they are hard for attackers to
+  # brute force.
+  #
+  # All password hashing functions take a "salt" value which should be randomly
+  # generated on a per-password basis (using RbNaCl::Random, accept no
+  # subsitutes)
+  #
+  # All of them also take a CPU work factor, which increases the amount of
+  # computation needed to produce the digest.
+  module PasswordHash
+    # scrypt: the original sequential memory hard password hashing function.
+    # This is also the only password hashing function supported by libsodium,
+    # but that's okay, because it's pretty awesome.
+    #
+    # @param [String] password to be hashed
+    # @param [String] salt to make the digest unique
+    # @param [Integer] opslimit the CPU cost (e.g. 2**20)
+    # @param [Integer] memlimit the memory cost (e.g. 2**24)
+    # @param [Integer] digest_size of the output
+    #
+    # @raise [CryptoError] If calculating the digest fails for some reason.
+    #
+    # @return [String] The scrypt digest as raw bytes
+    def self.scrypt(password, salt, opslimit, memlimit, digest_size = 64)
+      SCrypt.new(opslimit, memlimit, digest_size).digest(password, salt)
+    end
+  end
+end

data/lib/rbnacl/password_hash/scrypt.rb

@@ -0,0 +1,70 @@
+# encoding: binary
+module RbNaCl
+  module PasswordHash
+    # The scrypt sequential memory hard password hashing function
+    #
+    # scrypt is a password hash (or password based KDF). That is to say, where
+    # most hash functions are designed to be fast because hashing is often a
+    # bottleneck, scrypt is slow by design, because it's trying to "strengthen"
+    # the password by combining it with a random "salt" value then perform a
+    # series of operation on the result which are slow enough to defeat
+    # brute-force password cracking attempts.
+    #
+    # scrypt is similar to the bcrypt and pbkdf2 password hashes in that it's
+    # designed to strengthen passwords, but includes a new design element
+    # called "sequential memory hardness" which helps defeat attempts by
+    # attackers to compensate for their lack of memory (since they're typically
+    # on GPUs or FPGAs) with additional computation.
+    class SCrypt
+      extend Sodium
+
+      begin
+        sodium_type      :pwhash
+        sodium_primitive :scryptxsalsa208sha256
+
+        sodium_constant :SALTBYTES
+
+        sodium_function  :scrypt,
+                         :crypto_pwhash_scryptxsalsa208sha256,
+                         [:pointer, :ulong_long, :pointer, :ulong_long, :pointer, :ulong_long, :size_t]
+
+
+
+        # Create a new SCrypt password hash object
+        #
+        # @param [Integer] opslimit the CPU cost (e.g. 2**20)
+        # @param [Integer] memlimit the memory cost (e.g. 2**24)
+        #
+        # @return [RbNaCl::PasswordHash::SCrypt] An SCrypt password hasher object
+        def initialize(opslimit, memlimit, digest_size = 64)
+          # TODO: sanity check these parameters
+          @opslimit, @memlimit = opslimit, memlimit
+
+          # TODO: check digest size validity
+          #raise LengthError, "digest size too short" if @digest_size < BYTES_MIN
+          #raise LengthError, "digest size too long"  if @digest_size > BYTES_MAX
+
+          @digest_size = digest_size
+        end
+
+        # Calculate an scrypt digest for a given password and salt
+        #
+        # @param [String] password to be hashed
+        # @param [String] salt to make the digest unique
+        #
+        # @return [String] scrypt digest of the string as raw bytes
+        def digest(password, salt)
+          digest = Util.zeros(@digest_size)
+          salt   = Util.check_string(salt, SALTBYTES, "salt")
+
+          self.class.scrypt(digest, @digest_size, password, password.bytesize, salt, @opslimit, @memlimit) || raise(CryptoError, "scrypt failed!")
+          digest
+        end
+      rescue FFI::NotFoundError
+        def initialize(opslimit, memlimit, digest_size = 64)
+          raise NotImplementedError, "scrypt not implemented in this version of libsodium"
+        end
+      end
+    end
+  end
+end

data/lib/rbnacl/rake_tasks.rb

@@ -3,8 +3,8 @@ require 'rake'
 require 'rake/clean'
 require 'digest/sha2'
 
-LIBSODIUM_VERSION = "0.4.5"
-LIBSODIUM_DIGEST  = "7ad5202df53eeac0eb29b064ae5d05b65d82b2fc1c082899c9c6a09b0ee1ac32"
+LIBSODIUM_VERSION = "0.5.0"
+LIBSODIUM_DIGEST  = "3ca0a0619199a2adb3449eb7f1bf6e1f4fb2ef8514da9133f7f043b8b5cdf9f0"
 
 def sh_hidden(command)
   STDERR.puts("*** Executing: #{command}")

data/lib/rbnacl/test_vectors.rb

@@ -85,6 +85,17 @@ module RbNaCl
     :blake2b_keyed_digest  => "142709d62e28fcccd0af97fad0f8465b971e82201dc51070faa0372aa43e9248" +
                               "4be1c1e73ba10906d5d1853db6a4106e0a7bf9800d373d6dee2d46d62ef2a461",
 
+    # scrypt test vectors
+    # Taken from http://tools.ietf.org/html/draft-josefsson-scrypt-kdf-01#page-14
+    :scrypt_password => "4a857e2ee8aa9b6056f2424e84d24a72473378906ee04a46cb05311502d5250b" +
+                        "82ad86b83c8f20a23dbb74f6da60b0b6ecffd67134d45946ac8ebfb3064294bc" + 
+                        "097d43ced68642bfb8bbbdd0f50b30118f5e",
+    :scrypt_salt     => "39d82eef32010b8b79cc5ba88ed539fbaba741100f2edbeca7cc171ffeabf258",
+    :scrypt_opslimit => 758010,
+    :scrypt_memlimit => 5432947,
+    :scrypt_digest   => "bcc5c2fd785e4781d1201ed43d84925537e2a540d3de55f5812f29e9dd0a4a00" + 
+                        "451a5c8ddbb4862c03d45c75bf91b7fb49265feb667ad5c899fdbf2ca19eac67",
+
     # Auth test vectors
     # Taken from NaCl distribution
     #

data/lib/rbnacl/version.rb

@@ -1,5 +1,5 @@
 # encoding: binary
 module RbNaCl
   # The library's version
-  VERSION = "3.0.1"
+  VERSION = "3.1.0"
 end

data/spec/rbnacl/password_hash/scrypt_spec.rb

@@ -0,0 +1,21 @@
+# encoding: binary
+require 'spec_helper'
+
+describe RbNaCl::PasswordHash::SCrypt do
+  let(:reference_password) { vector :scrypt_password }
+  let(:reference_salt)     { vector :scrypt_salt }
+  let(:reference_opslimit) { RbNaCl::TestVectors[:scrypt_opslimit] }
+  let(:reference_memlimit) { RbNaCl::TestVectors[:scrypt_memlimit] }
+  let(:reference_digest)   { vector :scrypt_digest }
+
+  it "calculates the correct diest for a reference password/salt" do
+    digest = RbNaCl::PasswordHash.scrypt(
+      reference_password,
+      reference_salt,
+      reference_opslimit,
+      reference_memlimit
+    )
+
+    expect(digest).to eq reference_digest
+  end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rbnacl
 version: !ruby/object:Gem::Version
-  version: 3.0.1
+  version: 3.1.0
 platform: ruby
 authors:
 - Tony Arcieri
@@ -10,7 +10,7 @@ autorequire:
 bindir: bin
 cert_chain:
 - bascule.cert
-date: 2014-05-13 00:00:00.000000000 Z
+date: 2014-05-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ffi
@@ -108,6 +108,8 @@ files:
 - lib/rbnacl/init.rb
 - lib/rbnacl/key_comparator.rb
 - lib/rbnacl/one_time_auths/poly1305.rb
+- lib/rbnacl/password_hash.rb
+- lib/rbnacl/password_hash/scrypt.rb
 - lib/rbnacl/rake_tasks.rb
 - lib/rbnacl/random.rb
 - lib/rbnacl/secret_boxes/xsalsa20poly1305.rb
@@ -132,6 +134,7 @@ files:
 - spec/rbnacl/hash_spec.rb
 - spec/rbnacl/hmac/sha256_spec.rb
 - spec/rbnacl/hmac/sha512256_spec.rb
+- spec/rbnacl/password_hash/scrypt_spec.rb
 - spec/rbnacl/random_spec.rb
 - spec/rbnacl/secret_box_spec.rb
 - spec/rbnacl/signatures/ed25519/signing_key_spec.rb
@@ -181,6 +184,7 @@ test_files:
 - spec/rbnacl/hash_spec.rb
 - spec/rbnacl/hmac/sha256_spec.rb
 - spec/rbnacl/hmac/sha512256_spec.rb
+- spec/rbnacl/password_hash/scrypt_spec.rb
 - spec/rbnacl/random_spec.rb
 - spec/rbnacl/secret_box_spec.rb
 - spec/rbnacl/signatures/ed25519/signing_key_spec.rb